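Design and Implementation of an Inter-Domain Routing Security Monitoring System
Published: 2018-06-01 03:34
Topics: BGP protocol + route monitoring; Reference: Capital Normal University, master's thesis, 2014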
[Abstract]: The Internet today is made up of many autonomous systems (ASes), which exchange routing information using the inter-domain routing protocol BGP to achieve network reachability. Routing security was not fully considered when BGP was designed, and routing anomalies and attacks occur from time to time, with serious consequences such as interruption or even paralysis of network communication. To keep the network running safely and reliably, it must be monitored effectively, but current monitoring systems are difficult to deploy and detect only a single type of anomaly or attack, so they do not meet practical needs well. It is therefore necessary to develop an inter-domain routing security monitoring system. The system provides correlation analysis of routing security across the whole network and detects and analyzes routing attacks and anomalous events. This is of great significance for grasping the network security situation in real time, controlling and defending against routing attacks and anomalous events, ensuring the stable operation of important services, and raising the security level of the routing system.

This thesis designs and implements a BGP inter-domain routing security monitoring system. Its main contributions and work are as follows:

(1) Design and implementation of the inter-domain routing anomaly detection subsystem. The main function of this subsystem is to detect inter-domain routing anomalies, such as AS-increase anomalies and network storm anomalies. The subsystem is divided into a routing information receiving layer and an analysis layer. The analysis layer is its core and confirms the occurrence of each kind of anomalous event mainly by analyzing the network's inter-domain routing information. The key to inter-domain routing anomaly detection is the analysis of BGP Update (route update) messages: by analyzing changes in the values of each attribute in route update messages, the subsystem determines whether anomalies such as AS increase or network oscillation have occurred. Experimental results show that the subsystem can detect network oscillation, autonomous system increase, and anomalous changes in network reachability information in a timely manner.

(2) Design and implementation of the inter-domain routing attack detection subsystem. The main function of this subsystem is to detect inter-domain routing attack events; this thesis concentrates on detecting one type of routing attack, prefix hijacking. The subsystem is divided into a routing information receiving layer and an analysis layer. The receiving layer receives inter-domain routing information; the analysis layer comprehensively analyzes that information and detects suspicious routing attack events. In the detection process, the changes in the BGP update packets produced during an attack are analyzed first; then, with the help of information from the network data layer, correlation analysis of control-layer routing information and data-layer information determines that an inter-domain routing attack has occurred. Experimental results show that the subsystem can detect prefix hijacking events fairly accurately.
[Degree-granting institution]: Capital Normal University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08