高级搜索

留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

域间路由系统级联失效下的目标失效链路定位方法研究

曾子懿 邱菡 朱俊虎 王清贤 陈迪

曾子懿, 邱菡, 朱俊虎, 王清贤, 陈迪. 域间路由系统级联失效下的目标失效链路定位方法研究[J]. 电子与信息学报, 2020, 42(9): 2134-2141. doi: 10.11999/JEIT200008
引用本文: 曾子懿, 邱菡, 朱俊虎, 王清贤, 陈迪. 域间路由系统级联失效下的目标失效链路定位方法研究[J]. 电子与信息学报, 2020, 42(9): 2134-2141. doi: 10.11999/JEIT200008
Ziyi ZENG, Han QIU, Junhu ZHU, Qingxian WANG, Di CHEN. Research on Target Failure Link Location Method in Inter-domain Routing System Cascading Failure[J]. Journal of Electronics & Information Technology, 2020, 42(9): 2134-2141. doi: 10.11999/JEIT200008
Citation: Ziyi ZENG, Han QIU, Junhu ZHU, Qingxian WANG, Di CHEN. Research on Target Failure Link Location Method in Inter-domain Routing System Cascading Failure[J]. Journal of Electronics & Information Technology, 2020, 42(9): 2134-2141. doi: 10.11999/JEIT200008

域间路由系统级联失效下的目标失效链路定位方法研究

doi: 10.11999/JEIT200008
基金项目: 国家自然科学基金(61502528)
详细信息
    作者简介:

    曾子懿:男,1989年生,讲师,研究方向为网络安全、路由系统、复杂网络

    邱菡:女,1981年生,副教授,研究方向为网络安全、复杂网络

    朱俊虎:男,1974年生,教授,研究方向为网络安全

    王清贤:男,1960年生,教授,研究方向为计算理论、网络安全

    陈迪:女,1992年生,博士生,研究方向为网络安全、路由系统、复杂网络

    通讯作者:

    邱菡 qiuhan410@aliyun.com

  • 中图分类号: TN915.08

Research on Target Failure Link Location Method in Inter-domain Routing System Cascading Failure

Funds: The National Natural Science Foundation of China (61502528)
  • 摘要: 协同跨平面会话中断攻击(CXPST)通过反复对多条目标关键链路实施低速率拒绝服务攻击(LDoS)造成域间路由系统的级联失效,从而导致互联网的崩溃。在攻击发生的初期,准确定位受攻击的关键链路并进行针对性防御可遏制级联失效的发生。现有定位方法研究主要基于单源假设,没有考虑多条目标链路同时失效对路径撤回的影响,定位准确度受限。针对上述问题,该文提出一种基于加权统计匹配得分的多失效链路定位方法(WSFS),以级联失效攻击目标链路选择策略作为推断基础,将撤销路径长度的倒数作为权重对评分进行加权。基于实际网络拓扑和有利点位置的级联失效攻击仿真实验结果表明,WSFS比目前最优方法平均准确率可提升5.45%。实验结果证明WSFS相比于其他定位方法更适合应对域间路由系统级联失效下的目标失效链路定位问题。
  • 图  1  双链路失效图

    图  2  各方法的平均定位准确率

    图  3  WSFS相较4种定位方法的准确率提升

    图  4  各方法定位准确率的标准差

    表  1  单失效链路定位方法的对比分析

    方法可排序区分路径更新类型使用路径撤销信息使用可用路径信息合作需求
    Caesar等人[15]
    Feldmann等人[16]
    Javed等人[17]
    Glass等人[18]
    Ventorim等人[19]
    Holterbach等人[20]
    下载: 导出CSV

    表  2  各链路的WS值

    链路WS值
    CD1.00
    AC0.75
    BC0.75
    DE0.50
    DF0.25
    EG0.25
    下载: 导出CSV
  • REKHTER Y, LI T, and HARES S. IETF RFC 4271 A border gateway protocol 4 (BGP-4)[S]. 2006.
    SERMPEZIS P, KOTRONIS V, DAINOTTI A, et al. A survey among network operators on BGP prefix hijacking[J]. ACM SIGCOMM Computer Communication Review, 2018, 48(1): 64–69. doi: 10.1145/3211852.3211862
    BUTLER K, MCDANIEL P, and AIELLO W. Optimizing BGP security by exploiting path stability[C]. The 13th ACM Conference on Computer and Communications Security, Alexandria, USA, 2006: 298–310.
    SCHUCHARD M, THOMPSON C, HOPPER N, et al. Taking routers off their meds: Why assumptions of router stability are dangerous[C]. The 19th Network and Distributed System Security Symposium, San Diego, USA, 2012.
    DENG Wenping, ZHU Peidong, LU Xicheng, et al. On Evaluating BGP routing stress attack[J]. Journal of Communications, 2010, 5(1): 13–22.
    SCHUCHARD M, MOHAISEN A, FOO KUNE D, et al. Losing control of the internet: Using the data plane to attack the control plane[C]. The 17th ACM Conference on Computer and Communications Security, Chicago, USA, 2010: 726–728.
    LI Heshuai, ZHU Junhu, QIU Han, et al. The new threat to internet: DNP attack with the attacking flows strategizing technology[J]. International Journal of Communication Systems, 2015, 28(6): 1126–1139. doi: 10.1002/dac.2748
    ZHANG Ying, MAO Z M, WANG J. Low-Rate TCP-targeted DoS attack disrupts internet routing[C]. 2007 Network and Distributed System Security Symposium, San Diego, USA, 2007.
    郑皓, 陈石, 梁友. 关于“数字大炮”网络攻击方式及其防御措施的探讨[J]. 计算机研究与发展, 2012, 49(S1): 69–72.

    ZHENG Hao, CHEN Shi, and LIANG You. How the cyber weapon “Digital Ordnance” works and its precautionary measures[J]. Journal of Computer Research and Development, 2012, 49(S1): 69–72.
    邱菡, 李玉峰, 兰巨龙, 等. 域间路由系统的级联失效攻击及检测研究[J]. 中国科学: 信息科学, 2017, 47(12): 1715–1729. doi: 10.1360/N112016-00259

    QIU Han, LI Yufeng, LAN Julong, et al. Research on cascading failure attack and detection of inner-domain routing system[J]. Scientia Sinica Informationis, 2017, 47(12): 1715–1729. doi: 10.1360/N112016-00259
    QIU Han, ZHU Huihu, LI Yufeng, et al. FD-SP: A method for predicting cascading failures of inter-domain routing system[C]. The 4th IEEE International Conference on Computer and Communications (ICCC), Chengdu, China, 2018: 290–295.
    GUO Yi, DUAN Haixin, CHEN Jikun, et al. MAF-SAM: An effective method to perceive data plane threats of inter domain routing system[J]. Computer Networks, 2016, 110: 69–78. doi: 10.1016/j.comnet.2016.09.017
    ZHANG Mingwei, LI Jun, and BROOKS S. I-Seismograph: Observing, measuring, and analyzing internet earthquakes[J]. IEEE/ACM Transactions on Networking, 2017, 25(6): 3411–3426. doi: 10.1109/TNET.2017.2748902
    ZENG Ziyi, ZHU Junhu, QIU Han, et al. SM-RC: A new security measurement method for inter-domain routing system[J]. IEEE Access, 2019, 7: 108189–108199. doi: 10.1109/ACCESS.2019.2927712
    CAESAR M, SUBRAMANIAN L, and KATZ R H. Towards localizing root causes of BGP dynamics[R]. UCB/CSD-04-1302, 2003.
    FELDMANN A, MAENNEL O, MAO Z M, et al. Locating Internet routing instabilities[J]. ACM SIGCOMM Computer Communication Review, 2004, 34(4): 205–218. doi: 10.1145/1030194.1015491
    JAVED U, CUNHA I, CHOFFNES D, et al. PoiRoot: Investigating the root cause of interdomain path changes[J]. ACM SIGCOMM Computer Communication Review, 2013, 43(4): 183–194. doi: 10.1145/2534169.2486036
    GLASS K, COLBAUGH R, and PLANCK M. Automatically identifying the sources of large Internet events[C]. 2010 IEEE International Conference on Intelligence and Security Informatics, Vancouver, Canada, 2010: 108–113.
    VENTORIM COMARELA G. On the dynamics of interdomain routing in the Internet[D]. [Ph. D. dissertation], Boston University, 2017.
    HOLTERBACH T, VISSICCHIO S, DAINOTTI A, et al. Swift: Predictive fast reroute[C]. 2017 Conference of the ACM Special Interest Group on Data Communication, Los Angeles, USA, 2017: 460–473.
    CAIDA. BGP AS links[EB/OL]. http://as-rank.caida.org.
    RIPE. RIS raw data[EB/OL]. https://www.ripe.net/analyse/internet-measurements/routing-information-service-ris/ris-raw-data, 2019.
  • 加载中
图(4) / 表(2)
计量
  • 文章访问数:  932
  • HTML全文浏览量:  344
  • PDF下载量:  57
  • 被引次数: 0
出版历程
  • 收稿日期:  2020-01-02
  • 修回日期:  2020-08-05
  • 网络出版日期:  2020-08-13
  • 刊出日期:  2020-09-27

目录

    /

    返回文章
    返回