6. Conclusions
After many years of effort, research on the security theory and technology of the inter-domain routing system has made some progress. Many outstanding solutions have emerged, mainly oriented toward control plane threats based on routing information. Their goals are mostly to solve the issues arising from the BGP protocol's lack of a mechanism to verify the authenticity of inter-domain routes. However, the defect exploited by data plane threats, such as the BGP-LDoS attack, is the adaptive mechanism of the BGP protocol. These threats perform large-scale traffic attacks on BGP sessions and then trigger a wide range of cascading failures in the inter-domain routing system. Moreover, the traffic used in an LDoS attack has statistical characteristics similar to those of normal network traffic. Because of these characteristics, existing methods have difficulty detecting data plane threats.

To this end, this paper proposes a situation awareness method based on adaptive fusion of multiple features, which aims to perceive security threats to the inter-domain routing system. First, we select some statistical attributes of BGP routing information as security features that strongly characterize the system security state. Following an idea from cloud model theory, we establish a normal-state sub-model for each security feature and then fuse the sub-models by linear weighting to describe the normal state of the system. Since the fusion model represents the system security state very well, we can obtain the threat probability by computing the deviation of the security features from their normal values. Furthermore, in the process of fusing sub-models, the weight of each feature is dynamically adjusted according to its ability to characterize the real-time system security state. In this way, the accuracy and adaptability of the method are further improved.
The experimental results show that the MAF-SAM method can perceive not only control plane threats but also data plane threats to the inter-domain routing system. Because the comprehensiveness of the data set has an important influence on the accuracy of our method, in future work we will focus on how to obtain a more complete and representative inter-domain routing data set by utilizing existing public datasets and deploying private acquisition points to collect more routing data. We will also further study how to deal with and prevent data plane threats to the inter-domain routing system.