Research and Implementation of Security Monitoring System for Inter-domain Routing (域间路由安全监测系统的研究与实现)

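【Author】 Deng Wenping (邓文平)

【Advisors】 Lu Xicheng (卢锡城); Zhu Peidong (朱培栋)

【Author information】 National University of Defense Technology (国防科学技术大学), Computer Science and Technology, 2006, Master's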

【Abstract】 National economic construction and social development depend increasingly on the global Internet. The inter-domain routing system built on BGP is the Internet's key routing infrastructure, yet it remains threatened by a variety of malicious attacks and is prone to human error. In recent years, research on the security of Internet inter-domain routing has attracted great attention and has become a hot research topic.

Because the deployment of secure protocol mechanisms such as S-BGP faces many obstacles, monitoring is an effective and practical way to keep the inter-domain routing system healthy on top of current network devices: it scales well, is easy to deploy, and requires no modification of the existing protocol. To address the deficiencies of existing inter-domain routing monitoring systems, this thesis proposes a hierarchical model for an inter-domain routing security monitoring system, ISP-View, studies several key technologies under this model, and designs and implements the system.

First, we establish the relational database model of the monitoring system and present the detailed design of its databases: the network knowledge base, the Internet model base, the Internet inter-domain routing information and anomaly base, and the local BGP routing information and anomaly base. We focus on compressed storage of route tables. Within a single route table, we normalize the database model by splitting relations, which removes data redundancy inside the relations. Across multiple route tables, we propose a timestamp-based incremental (delta) lossless compression algorithm; the added timestamp field facilitates joint analysis and detection over multiple route tables.

The system implements efficient anomaly detection on route tables. Through syntactic and semantic analysis of BGP routing tables, we classify anomaly detection rules into strategic rules, general rules and special rules, and we design and implement a detection engine based on these rules. The engine performs single-view anomaly detection, multi-view anomaly detection and local application policy checking on the routing information base, and builds the routing anomaly database.

For visualization of detection results, we improve the existing force-model-based computation for topology display and propose a magnetic-field-spring force model for dynamic display of the network topology map. Applied in ISP-View, the algorithm can display the network topology at different granularities, show the security state of the routing system dynamically, and support security monitoring of anomalous inter-domain routing behavior. A simulated annealing algorithm is used for offline static display of large-scale topologies in ISP-View.

Finally, we present the detailed design of the inter-domain routing monitoring system, implement a prototype Internet inter-domain routing monitoring system, ISP-View, and give some application examples of it.

  • 【Classification number】 TP393.08
  • 【Download count】 85