A Security Threat Awareness Method for Inter-Domain Routing Systems Based on Feature-Fusion Similarity
Published: 2019-01-04 08:46
[Abstract]: Network attack techniques targeting the inter-domain routing system are becoming increasingly complex. In particular, the cross-plane attacks based on large-scale LDoS (low-rate denial of service) that have appeared in recent years cause far more damage than traditional network attacks. Existing security techniques for the inter-domain routing system mainly study how to solve the problem that BGP (Border Gateway Protocol) lacks a mechanism for verifying route authenticity, whereas large-scale LDoS attacks against the inter-domain routing system exploit the adaptive mechanism of BGP. In addition, the traffic used in LDoS attacks has characteristics similar to those of many real data flows, which makes it difficult for many existing methods to respond effectively. This paper proposes a security threat awareness method for the inter-domain routing system based on weighted similarity. It fuses multiple features to describe the security state of the inter-domain routing system and, drawing on the self-similarity of network traffic, uses a weighted similarity calculation to quantify the deviation between real-time feature values and normal-state feature values, and evaluates the security state of the inter-domain routing system from that deviation. Furthermore, by tracking the real-time changes of the security features, the type of attack on the inter-domain routing system can be inferred. Experimental results show that the method can effectively evaluate the security state of the inter-domain routing system and can perceive a threat in the initial stage of a control-plane attack or a data-plane attack, providing a reliable reference for network administrators to formulate effective response strategies in time.
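[Author affiliations]: Institute for Network Sciences and Cyberspace, Tsinghua University; PLA Information Engineering University;
[Funding]: Supported by the National Natural Science Foundation of China (Grant Nos. 61402525, 61472215, 61402526, 61502528)
[Classification number]: TP393.08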
Article ID: 2400060
Article link: http://sikaile.net/guanlilunwen/ydhl/2400060.html