Security Threat Awareness Method for Inter-domain Routing Systems Based on Feature-Fusion Similarity
Published: 2019-01-04 08:46
[Abstract]: Network attack techniques targeting the inter-domain routing system are growing increasingly complex. In particular, cross-plane attacks based on large-scale LDoS (low-rate denial of service), which have emerged in recent years, cause far greater harm than traditional network attacks. Existing inter-domain routing security techniques mainly address the lack of a route authenticity verification mechanism in BGP (Border Gateway Protocol), whereas large-scale LDoS attacks against the inter-domain routing system exploit the adaptive mechanisms of BGP, and the traffic used in LDoS attacks resembles many legitimate data flows, so many existing methods struggle to respond effectively. This paper proposes a weighted-similarity-based security threat awareness method for the inter-domain routing system. It fuses multiple features to describe the security state of the inter-domain routing system and, drawing on the self-similarity of network traffic, applies a weighted similarity calculation to quantify the deviation between real-time feature values and normal-state feature values, thereby assessing the security state of the inter-domain routing system. Furthermore, by tracking real-time changes in the security features, the type of attack on the inter-domain routing system can be inferred. Experimental results show that the method can effectively assess the security state of the inter-domain routing system and can perceive threats in the early stage of a control-plane or data-plane attack, providing network administrators with a reliable reference for formulating effective response strategies in time.
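[Author affiliations]: Institute for Network Sciences and Cyberspace, Tsinghua University; PLA Information Engineering University;
[Funding]: Supported by the National Natural Science Foundation of China (Grant Nos. 61402525, 61472215, 61402526, 61502528)
[Classification number]: TP393.08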
Article ID: 2400060
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2400060.html