

Research on Anomaly Detection Technology of Inter-domain Routing for IPv6 Network

【Author】 Liu Jianfeng (刘建峰)

【Advisor】 Jiang Xinwen (姜新文)

【Author information】 National University of Defense Technology, Computer Science and Technology, 2011, Master's thesis

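【Abstract, translated from the Chinese】 The Internet plays an ever larger role in national economic construction and social development. The inter-domain routing system built on the BGP protocol is the infrastructure of the Internet; it still faces the threat of many kinds of malicious attack and is easily affected by human error. In recent years, research on Internet inter-domain routing security has received great attention and has become a research hotspot in the Internet field. As the IPv4 address space nears exhaustion, full deployment of IPv6 networks has become more urgent, which places new requirements on research into Internet inter-domain routing security. At the same time, because the deployment of security protocol mechanisms such as S-BGP faces many obstacles, inter-domain routing monitoring is a very practical and genuinely effective technical approach to keeping the inter-domain routing system healthy on existing network equipment. This thesis studies inter-domain routing anomaly detection technology for IPv6 networks, and the work is reflected mainly in the following aspects: 1. It compares IPv6 networks and IPv4 networks in four respects: address structure and classification, allocation policy, IP-layer protocols, and network security mechanisms; it compares the BGP4+ protocol with the BGP-4 protocol; it examines the deployment and operation of IPv6 and compares the scale of IPv4 and IPv6 networks, pointing out that, because tunneling and translation technologies are used, inter-domain routing security for IPv6 depends on the IPv4 network. 2. Drawing on ideas from network science, it proposes a metric, marginal betweenness, that evaluates from the perspective of data traffic the importance of an autonomous system relative to a specified autonomous system or set of autonomous systems; it then uses marginal betweenness to optimize the inference algorithm for Tier-1 autonomous systems, which provides a basis for detecting violations of the "valley-free" principle in IPv6 networks and for selecting key autonomous systems and networks during monitoring. 3. It studies in depth inter-domain routing anomalies and their detection techniques for IPv6 networks. It finds three new anomalies (too-long prefix, empty ASPath, and ASPath hybridity), revises the decision rules for the DUSA anomaly (Documentation Special Use IP Address, special-use IP addresses) and the private autonomous system anomaly, and proposes corresponding detection algorithms; it also analyzes the other inter-domain routing anomalies for IPv6 networks. 4. Based on the key techniques above, it designs and implements an inter-domain routing monitoring system for IPv6 networks that is also compatible with inter-domain routing anomaly detection for IPv4 networks; it compares the inter-domain routing anomalies found in IPv6 networks and IPv4 networks, and analyzes the inter-domain routing anomalies found in IPv6 networks in terms of their scope of impact. This thesis studies in depth inter-domain routing anomalies and their detection techniques for IPv6 networks. The study finds that, although IPv6 networks are still in the initial stage of commercial deployment, all the inter-domain routing anomalies found in IPv4 networks are already present, and new anomalies have been found; it also finds that, because tunneling and translation technologies are used, inter-domain routing security for IPv6 networks depends on the IPv4 network.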

【Abstract】 The Internet is playing an increasingly important role in national construction and social development. As the key information infrastructure of the Internet, the BGP-based inter-domain routing system is currently threatened by malicious attacks and human errors. In recent years, inter-domain routing security has drawn significant attention from the academic and industrial communities. With the exhaustion of the IPv4 address space, it has become urgent to deploy IPv6, which raises new demands on the security of inter-domain routing. Meanwhile, there are many barriers to deploying security mechanisms such as S-BGP, and monitoring of inter-domain routing is a practical and efficient way to secure inter-domain routing with current networking facilities. This paper focuses on the detection of inter-domain routing anomalies in IPv6 networks, and our contributions are summarized as follows: 1) In terms of address structure and category, allocation policy, IP protocol and security schemes in the IP layer, we compare IPv6 networks and IPv4 networks, and we also compare the protocols BGP4+ and BGP-4 to find the differences that affect inter-domain routing security. We investigate the deployment situation of IPv6 networks, and find that the security of inter-domain routing in IPv6 networks relies on the IPv4 networks due to the use of tunnel technology and translation technology. 2) Drawing on network science, we propose a new metric, Marginal Betweenness, to characterize the importance of an AS (Autonomous System) to a particular AS or a group of ASes from the perspective of Internet traffic. Based on this new metric, we optimize the inference algorithm for Tier-1 ASes by incorporating the traffic characteristic that each Tier-1 AS should forward a significant portion of traffic for its Tier-1 partners. This optimization can significantly improve the detection of valley-free violations, as well as the selection of key ASes and networks in the monitoring of the inter-domain routing system. 3) To study inter-domain routing anomalies in IPv6 networks and their detection technology, we first investigate the anomalies newly found in IPv6 networks, including too-long prefix, empty ASPath and ASPath hybridity, by analyzing their potential causes and the damage they can cause. Second, we revise the detection rules for the DUSA anomaly and the private AS number anomaly, which either change greatly in the IPv6 environment or cannot effectively distinguish normal from anomalous routes. Finally, for IPv6 networks, we analyze the cause and impact of the other anomalies found in IPv4 networks. 4) Based on the approaches above, we design and implement an inter-domain routing monitoring system that is completely compatible with both IPv4 anomaly detection and IPv6 anomaly detection, compare the anomalies detected in IPv6 networks with those in IPv4 networks, and finally conclude this paper by analyzing the impact scope of various IPv6 routing anomalies. This paper studies inter-domain anomaly detection for IPv6 networks. In this research, we find that although significant commercial deployment of IPv6 networks has only just started, the sorts of anomalies previously found in IPv4 networks have been found in IPv6 networks, and we also found several new types of anomalies. Meanwhile, by analyzing the transition from IPv4 to IPv6, we find that during the transition the security of inter-domain routing in IPv6 networks relies on the IPv4 networks.


