Design and Implementation of Real-Time Security Monitoring System for Inter-domain Routing

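【Author】 Li Kai (李凯)

【Advisor】 Zhu Peidong (朱培栋)

【Author information】 National University of Defense Technology (国防科学技术大学), Computer Science and Technology, 2005, Master's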

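【Summary】 The inter-domain routing system is the infrastructure of the Internet and a key support of the network. However, because of its own fragility, it has many security problems. Current work in the field concentrates on three planes of the inter-domain routing system: the management plane, the control plane and the forwarding plane. We analyzed current research on inter-domain routing security in depth and concluded that, because the deployment of new inter-domain routing protocols such as S-BGP faces many obstacles, inter-domain route monitoring in the management plane is a very practical and genuinely effective technical approach to ensuring the health of the inter-domain routing system on the basis of existing network devices. Starting from the perspective of inter-domain route monitoring, this thesis designs and implements a real-time security monitoring system for inter-domain routing based on a rule base of anomalous routing behavior and on traffic patterns. We mainly carried out the following work: 1. Studied inter-domain routing security problems, examined inter-domain routing security incidents that have occurred, analyzed the shortcomings of current inter-domain routing protection mechanisms and of the various monitoring techniques, and finally proposed a model of a real-time security monitoring system for inter-domain routing; 2. Designed two detection algorithms: a learning-based detection algorithm for anomalous traffic behavior and a rule-base-driven detection algorithm for anomalous routing behavior. The algorithms guided the design of the whole system, so that the system's anomaly detection has good real-time performance and scalability while maintaining accuracy; 3. Implemented BGP-Censor, a real-time security monitoring system for inter-domain routing based on traffic patterns and rules for judging anomalous routes. The system can monitor independently at a single monitoring point and can also perform distributed monitoring based on multiple views; using view sharing, it analyzes the BGP tables collected from the individual packet collection points, so that the system can discover routing anomalies that depend on complex topologies; 4. To verify the functions of BGP-Censor and to debug the system, we developed a series of inter-domain routing test tools. Using these tools we carried out some system experiments on BGP-Censor; 5. Based on security problems specific to IPv6, we extended BGP-Censor to support IPv6, further enhancing the system's capability.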

【Abstract】 The inter-domain routing system is a critical part of the global communications infrastructure. However, as a key part of the Internet, the inter-domain routing system has severe health problems because of its own fragility. After analyzing current issues and research on the security of inter-domain routing in depth, we conclude that the problem should be studied at three levels of the inter-domain routing system: the management plane, the control plane and the forwarding plane. Since the deployment of new inter-domain routing protocols, e.g. S-BGP, is confronted with many obstacles, monitoring is an effective and practical method of ensuring a healthy inter-domain routing system based on the current network devices. The main contributions are as follows: 1. Research on the security problems of inter-domain routing. After reviewing security incidents in inter-domain routing and analyzing the protection of inter-domain routing and the deficiencies of existing monitoring systems, we design a real-time security monitoring system that can detect traffic anomalies and illegal routes in real time. 2. Design of two detection algorithms: detection of anomalous traffic behavior based on learning, and detection of anomalous routes based on a rule database. The design of the whole system is guided by these algorithms. 3. Implementation of the real-time security monitoring system. We call the system Packet-Censor. It is shown that Packet-Censor is capable of traffic pattern monitoring and anomalous route monitoring. To detect latent anomalous routes, the system uses view sharing to analyze the BGP tables collected from the monitors. This method gives the system the ability to detect anomalous routes based on more complex topologies. 4. We design and implement a series of active testing tools for testing and experimenting with the system. 5. We extend the system to support inter-domain monitoring under IPv6.

  • 【Classification No.】TP393.08
  • 【Downloads】102