检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
机构地区:[1]电子工程学院,合肥230037
出 处:《计算机科学》2014年第8期158-163,共6页Computer Science
基 金:安徽省自然科学基金(1208085QF107)资助
摘 要:提出一种基于聚类的路径伪造检测方法。该方法将相邻时刻路由路径的变化集作为检测对象,以前缀地址所属国家为依据,对路径变化集进行聚类,引入各变化自治域的AS链接概率偏离度、中间国家出现概率和中间国家地理偏离度的定义,在此基础上引入路径级异常检测指标,综合利用这些指标检测路由中的路径伪造异常行为。选用真实的路径伪造事件数据进行实验,结果表明该检测方法较以往的检测方法更为有效、可行。This paper presented a novel algorithm for detecting routing path forging based on aggregation. By selecting change of AS path as the detection object, using the country which the prefix belongs to as the standard, the change of AS path was converged. The definition of AS link probability deviance, intermediate country appearance probability, and intermediate country distance deviance were introduced. Based on these metrics, we introduced path-level detecting me- trics and integrated these metrics to check routing path forging. The data of actual routing path forging event was tested by the proposed method. Experimental results demonstrate that the method is more valid and practical than previous methods.
关 键 词:异常检测 聚类 路由劫持 路径伪造 边界网关协议 AS路径
分 类 号:TP393[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.70
