基于规则的域间路由系统异常检测

随着Internet的爆炸性增长,域间路由系统变得越来越复杂并难以控制,许多与域间路由安全相关的事件广泛引起了人们的关注。提出一个基于规则的域间路由监测框架,其中的规则可分为常规异常检测规则和特殊异常检测规则,它们能有效用于检测异常路由和可能的攻击行为,这两种规则的不同在于特殊异常检测规则是由大量路由得到的Internet模型来定义。研究了Internet层次模型与ISP商业关系模型的构造,基于这个框架实现了一个原型系统———ISP-Health,最后给出了检测能力结果。

A Rule-based Approach to Anomaly Detection in Inter-domain Routing System

The behaviors of the Inter-domain Routing(IDR) System are becoming rather complicated with the rapid development of the Internet. Security incidents in IDR system have attracted extensive attention among people.This paper proposes a rule-based monitoring framework to secure IDR System,in which the rules can be used to effectively detect anomalous routes and possible attacks.Unlike GADRs,SADRs were defined according to some Internet models that are behavior-models represented by large numbers of normal routes.Furthermore the construction of the Internet Hierarchy Model and ISP Commercial Relationships Model were studied,and methods based on these models were developed to detect hidden route anomalies or attacks.ISP-Health,the prototype of such a monitoring system supported by the above-mentioned framework,was implemented,and its capabilities were exhibited at last.