基于规则的域间路由系统异常检测  被引量:4

A Rule-based Approach to Anomaly Detection in Inter-domain Routing System

在线阅读下载全文

作  者:刘欣[1] 朱培栋[1] 米强[2] 杨明军[1] 

机构地区:[1]国防科技大学计算机学院,湖南长沙410073 [2]国家计算机网络与信息安全管理中心,北京100029

出  处:《国防科技大学学报》2006年第3期71-76,共6页Journal of National University of Defense Technology

基  金:国家863高技术发展计划资助项目(2005AA121570);现代通信国家重点实验室基金资助项目(51436050605KG0102)

摘  要:随着Internet的爆炸性增长,域间路由系统变得越来越复杂并难以控制,许多与域间路由安全相关的事件广泛引起了人们的关注。提出一个基于规则的域间路由监测框架,其中的规则可分为常规异常检测规则和特殊异常检测规则,它们能有效用于检测异常路由和可能的攻击行为,这两种规则的不同在于特殊异常检测规则是由大量路由得到的Internet模型来定义。研究了Internet层次模型与ISP商业关系模型的构造,基于这个框架实现了一个原型系统———ISP-Health,最后给出了检测能力结果。The behaviors of the Inter-domain Routing (IDR) System are becoming rather complicated with the rapid development of the Intemet. Security incidents in IDR system have attracted extensive attention among people. This paper proposes a rule-based monitoring framework to secure IDR System, in which the rules can be used to effectively detect anomalous routes and possible attacks. Unlike GADRs, SADRs were defined according to some Intemet models that are behavior-models represented by large numbers of normal routes. Furthermore the construction of the Intemet Hierarchy Model and ISP Commercial Relationships Model were studied, and methods based on these models were developed to detect hidden route anomalies or attacks. ISP-Health, the prototype of such a monitoring system supported by the above-mentioned framework, was implemented, and its capabilities were exhibited at last.

关 键 词:域间路由 异常路由 路由攻击 检测规则 

分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象