域間路由系統(tǒng)級聯(lián)失效下的目標失效鏈路定位方法研究

曾子懿; 邱菡; 朱俊虎; 王清賢; 陳迪

doi:10.11999/JEIT200008

域間路由系統(tǒng)級聯(lián)失效下的目標失效鏈路定位方法研究

doi: 10.11999/JEIT200008

1.
戰(zhàn)略支援部隊信息工程大學鄭州 450001
2.
國家數(shù)字交換系統(tǒng)工程技術(shù)研究中心鄭州 450001

基金項目: 國家自然科學基金(61502528)

詳細信息

作者簡介:
曾子懿：男，1989年生，講師，研究方向為網(wǎng)絡(luò)安全、路由系統(tǒng)、復(fù)雜網(wǎng)絡(luò)

邱菡：女，1981年生，副教授，研究方向為網(wǎng)絡(luò)安全、復(fù)雜網(wǎng)絡(luò)

朱俊虎：男，1974年生，教授，研究方向為網(wǎng)絡(luò)安全

王清賢：男，1960年生，教授，研究方向為計算理論、網(wǎng)絡(luò)安全

陳迪：女，1992年生，博士生，研究方向為網(wǎng)絡(luò)安全、路由系統(tǒng)、復(fù)雜網(wǎng)絡(luò)

通訊作者:
邱菡　qiuhan410@aliyun.com

中圖分類號: TN915.08
計量
- 文章訪問數(shù): 950
- HTML全文瀏覽量: 356
- PDF下載量: 57
- 被引次數(shù): 0
出版歷程
- 收稿日期: 2020-01-02
- 修回日期: 2020-08-05
- 網(wǎng)絡(luò)出版日期: 2020-08-13
- 刊出日期: 2020-09-27

Research on Target Failure Link Location Method in Inter-domain Routing System Cascading Failure

1.
Information Engineering University, Zhengzhou 450001, China
2.
National Digital Switching System Engineering & Technological Research Center, Zhengzhou 450001, China

Funds: The National Natural Science Foundation of China (61502528)

摘要

摘要: 協(xié)同跨平面會話中斷攻擊(CXPST)通過反復(fù)對多條目標關(guān)鍵鏈路實施低速率拒絕服務(wù)攻擊(LDoS)造成域間路由系統(tǒng)的級聯(lián)失效，從而導(dǎo)致互聯(lián)網(wǎng)的崩潰。在攻擊發(fā)生的初期，準確定位受攻擊的關(guān)鍵鏈路并進行針對性防御可遏制級聯(lián)失效的發(fā)生?，F(xiàn)有定位方法研究主要基于單源假設(shè)，沒有考慮多條目標鏈路同時失效對路徑撤回的影響，定位準確度受限。針對上述問題，該文提出一種基于加權(quán)統(tǒng)計匹配得分的多失效鏈路定位方法(WSFS)，以級聯(lián)失效攻擊目標鏈路選擇策略作為推斷基礎(chǔ)，將撤銷路徑長度的倒數(shù)作為權(quán)重對評分進行加權(quán)?；趯嶋H網(wǎng)絡(luò)拓撲和有利點位置的級聯(lián)失效攻擊仿真實驗結(jié)果表明，WSFS比目前最優(yōu)方法平均準確率可提升5.45%。實驗結(jié)果證明WSFS相比于其他定位方法更適合應(yīng)對域間路由系統(tǒng)級聯(lián)失效下的目標失效鏈路定位問題。
- 多失效鏈路定位 /
- 域間路由系統(tǒng) /
- 級聯(lián)失效 /
- 路徑長度加權(quán)
Abstract: Coordinated Cross Plane Session Termination (CXPST) repeatedly implements Low rate Denial of Service (LDoS) attacks on multiple target critical links, causing the cascading failure of the inter-domain routing system and the collapse of the internet. In the early stages of an attack, accurately locating the critical link under attack and carrying out targeted defense can prevent the occurrence of cascading failures. The research on existing locating methods is mainly based on the single-source hypothesis, and does not consider the impact of simultaneous failure of multiple target links on path withdrawal, so the locating accuracy is limited. To solve the above problems, a locating method is proposed based on Weighted Statistical Fit Score (WSFS). Using the target link selection strategy of cascading failure attack as inferring basis, scores are weighted by the reciprocal of the length of the withdrawal paths. The simulation results based on the actual network topology and vantage point location show that WSFS can improve the average accuracy rate by 5.45% compared with the current optimal method. Experimental results prove that WSFS is more suitable for locating target failure links in inter-domain routing system cascading failure than other locating methods.
- Multiple failure link location /
- Inter-domain routing system /
- Cascading failure /
- Path length weighting

HTML全文

圖 1 雙鏈路失效圖

下載: 全尺寸圖片幻燈片

圖 2 各方法的平均定位準確率

下載: 全尺寸圖片幻燈片

圖 3 WSFS相較4種定位方法的準確率提升

下載: 全尺寸圖片幻燈片

圖 4 各方法定位準確率的標準差

下載: 全尺寸圖片幻燈片

表 1 單失效鏈路定位方法的對比分析

方法	可排序	區(qū)分路徑更新類型	使用路徑撤銷信息	使用可用路徑信息	合作需求
Caesar等人^[15]		√	√	√
Feldmann等人^[16]		√	√	√
Javed等人^[17]		√	√	√	√
Glass等人^[18]	√		√
Ventorim等人^[19]	√	√	√
Holterbach等人^[20]	√	√	√	√

下載: 導(dǎo)出CSV

表 2 各鏈路的WS值

鏈路	WS值
CD	1.00
AC	0.75
BC	0.75
DE	0.50
DF	0.25
EG	0.25

下載: 導(dǎo)出CSV

參考文獻(22)

REKHTER Y, LI T, and HARES S. IETF RFC 4271 A border gateway protocol 4 (BGP-4)[S]. 2006.

SERMPEZIS P, KOTRONIS V, DAINOTTI A, et al. A survey among network operators on BGP prefix hijacking[J]. ACM SIGCOMM Computer Communication Review, 2018, 48(1): 64–69. doi: 10.1145/3211852.3211862

BUTLER K, MCDANIEL P, and AIELLO W. Optimizing BGP security by exploiting path stability[C]. The 13th ACM Conference on Computer and Communications Security, Alexandria, USA, 2006: 298–310.

SCHUCHARD M, THOMPSON C, HOPPER N, et al. Taking routers off their meds: Why assumptions of router stability are dangerous[C]. The 19th Network and Distributed System Security Symposium, San Diego, USA, 2012.

DENG Wenping, ZHU Peidong, LU Xicheng, et al. On Evaluating BGP routing stress attack[J]. Journal of Communications, 2010, 5(1): 13–22.

SCHUCHARD M, MOHAISEN A, FOO KUNE D, et al. Losing control of the internet: Using the data plane to attack the control plane[C]. The 17th ACM Conference on Computer and Communications Security, Chicago, USA, 2010: 726–728.

LI Heshuai, ZHU Junhu, QIU Han, et al. The new threat to internet: DNP attack with the attacking flows strategizing technology[J]. International Journal of Communication Systems, 2015, 28(6): 1126–1139. doi: 10.1002/dac.2748

ZHANG Ying, MAO Z M, WANG J. Low-Rate TCP-targeted DoS attack disrupts internet routing[C]. 2007 Network and Distributed System Security Symposium, San Diego, USA, 2007.

鄭皓, 陳石, 梁友. 關(guān)于“數(shù)字大炮”網(wǎng)絡(luò)攻擊方式及其防御措施的探討[J]. 計算機研究與發(fā)展, 2012, 49(S1): 69–72.

ZHENG Hao, CHEN Shi, and LIANG You. How the cyber weapon “Digital Ordnance” works and its precautionary measures[J]. Journal of Computer Research and Development, 2012, 49(S1): 69–72.

邱菡, 李玉峰, 蘭巨龍, 等. 域間路由系統(tǒng)的級聯(lián)失效攻擊及檢測研究[J]. 中國科學: 信息科學, 2017, 47(12): 1715–1729. doi: 10.1360/N112016-00259

QIU Han, LI Yufeng, LAN Julong, et al. Research on cascading failure attack and detection of inner-domain routing system[J]. Scientia Sinica Informationis, 2017, 47(12): 1715–1729. doi: 10.1360/N112016-00259

QIU Han, ZHU Huihu, LI Yufeng, et al. FD-SP: A method for predicting cascading failures of inter-domain routing system[C]. The 4th IEEE International Conference on Computer and Communications (ICCC), Chengdu, China, 2018: 290–295.

GUO Yi, DUAN Haixin, CHEN Jikun, et al. MAF-SAM: An effective method to perceive data plane threats of inter domain routing system[J]. Computer Networks, 2016, 110: 69–78. doi: 10.1016/j.comnet.2016.09.017

ZHANG Mingwei, LI Jun, and BROOKS S. I-Seismograph: Observing, measuring, and analyzing internet earthquakes[J]. IEEE/ACM Transactions on Networking, 2017, 25(6): 3411–3426. doi: 10.1109/TNET.2017.2748902

ZENG Ziyi, ZHU Junhu, QIU Han, et al. SM-RC: A new security measurement method for inter-domain routing system[J]. IEEE Access, 2019, 7: 108189–108199. doi: 10.1109/ACCESS.2019.2927712

CAESAR M, SUBRAMANIAN L, and KATZ R H. Towards localizing root causes of BGP dynamics[R]. UCB/CSD-04-1302, 2003.

FELDMANN A, MAENNEL O, MAO Z M, et al. Locating Internet routing instabilities[J]. ACM SIGCOMM Computer Communication Review, 2004, 34(4): 205–218. doi: 10.1145/1030194.1015491

JAVED U, CUNHA I, CHOFFNES D, et al. PoiRoot: Investigating the root cause of interdomain path changes[J]. ACM SIGCOMM Computer Communication Review, 2013, 43(4): 183–194. doi: 10.1145/2534169.2486036

GLASS K, COLBAUGH R, and PLANCK M. Automatically identifying the sources of large Internet events[C]. 2010 IEEE International Conference on Intelligence and Security Informatics, Vancouver, Canada, 2010: 108–113.

VENTORIM COMARELA G. On the dynamics of interdomain routing in the Internet[D]. [Ph. D. dissertation], Boston University, 2017.

HOLTERBACH T, VISSICCHIO S, DAINOTTI A, et al. Swift: Predictive fast reroute[C]. 2017 Conference of the ACM Special Interest Group on Data Communication, Los Angeles, USA, 2017: 460–473.

CAIDA. BGP AS links[EB/OL]. http://as-rank.caida.org.

RIPE. RIS raw data[EB/OL]. https://www.ripe.net/analyse/internet-measurements/routing-information-service-ris/ris-raw-data, 2019.

相關(guān)文章

施引文獻

資源附件(0)

訪問統(tǒng)計