A Mimic Defense Mechanism for Inter-Domain Routing Systems Based on AS Security Alliances
Published: 2018-12-05 19:00
[Abstract]: Large-scale low-rate denial-of-service attacks against inter-domain routing systems (Low-rate DoS against BGP Session, BGP-LDoS) can paralyze the inter-domain routing system as a whole, and existing detection methods and protective measures have difficulty detecting and defending against such attacks effectively. A BGP-LDoS attack presupposes that the attacker has probed and analyzed the topology of the inter-domain routing system and obtained the relevant parameters of its key links. Network mimic transformation can confuse attackers through continuous dynamic transformation, increasing the cost and complexity of probing and analyzing the network and reducing the probability of a successful attack. Drawing on the idea of mimic security defense, this paper proposes a protection method based on dynamic transformation of the inter-domain routing system topology: several adjacent autonomous systems (Autonomous System, AS) in the system form an AS mimic alliance, and topology-equivalent transformations are carried out within the alliance. The paper gives the concrete implementation process. The ability of the transformed network to resist BGP-LDoS attacks is verified and analyzed; the experimental results show that the method effectively reduces the accuracy of the attacker's analysis of the network topology and interferes with the attacker's selection of key links, thereby protecting against BGP-LDoS attacks.
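[Affiliations]: PLA Information Engineering University; Institute for Network Sciences and Cyberspace, Tsinghua University
[Funding]: Supported by the National Natural Science Foundation of China (61402525, 61402526, 61472215, 61502528) and the National "863" High-Tech Research and Development Program of China (2012AA012902)
[Classification No.]: TP393.08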
Article ID: 2365311
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2365311.html