基于路由证据的域间路由不一致路径恶意自治系统检测机制  被引量：1

作　　者：蒋健[1] 李伟[1] 罗军舟[1] 陆悠[1] 夏怒[1] 

机构地区：[1]东南大学计算机科学与工程学院,南京211189

出　　处：《计算机学报》2016年第6期1147-1161,共15页Chinese Journal of Computers

基　　金：国家自然科学基金(61320106007);国家"八六三"高技术研究发展计划项目基金(2013AA013503);高等学校博士点专项科研基金(20110092130002);江苏省未来网络创新研究院未来网络前瞻性研究项目(BY2013095-2-07);教育部计算机网络与信息集成重点实验室(东南大学)(93K-9);江苏省网络与信息安全重点实验室资助项目(BM2003201);住建部科学技术计划项目(2015-K6-012)资助

摘　　要：域间路由系统中,自治系统依据路由策略选择报文转发路径,并将路径通告给邻居自治系统.为了追求更多的网络利益,自治系统向邻居自治系统通告的路径可能并不是实际转发报文的路径,从而产生域间路由路径不一致的问题.域间路由不一致路径不仅欺骗正常自治系统的路由选路过程,损害其网络利益,而且对域间路由的稳定性也会造成严重影响.现有的检测机制主要关注不一致路径的检测,没有致力于发现导致路径不一致的恶意自治系统,无法为后续解决路径不一致的问题提供支撑.该文提出一种域间路由不一致路径恶意自治系统检测机制,采用路由证据将自治系统的路由行为与自治系统本身相绑定.路径源自治系统对路径中其他自治系统进行逆序比较路由证据,确定可疑自治系统,然后查询离自身较近的可疑自治系统的直接上游自治系统的路由通告历史记录,对可能接收可疑自治系统报文的自治系统请求路由证据,根据比较结果最终确定恶意自治系统.实验结果表明,该文的检测机制在查全率和查准率两个指标上均优于现有的检测机制,有效提高了检测不一致路径中恶意自治系统的准确率.Autonomous System（AS）applies its own routing policy to select the data forwarding path and announce the path to neighbor domains in the interdomain routing system.To obtain more revenues,AS may announce the path which is inconsistent with the actual data forwarding path to neighbor domains,which causes the path inconsistency problem.The inconsistent path not only cheats the path selection of rational Autonomous Systems,but also harms their network revenues.Even the stability of Internet is destroyed seriously.Previous work only focused on the discovery of inconsistent path,and did not try to detect the malicious AS in the path,which could not support the following work on the problem.In this paper,we presented a malicious AS detection mechanism for the interdomain routing inconsistent path.It used routing evidence to bind Autonomous Systems with their routing behaviors.Source AS compared the routing evidence with other Autonomous Systems in the path to get the suspicious nodes.Source AS collected Route Log from the direct upstream node of suspicious node which closest to itself,and then itcompared the routing evidence with the nodes which may receive packets from the suspicious node to discover the malicious AS.The experiment results showed that our mechanism had a better performance than previous work from aspects of recall ratio and precision ratio,which could improve malicious AS detection.

关 键 词：域间路由 路径不一致问题 恶意自治系统检测机制 路由证据 互联网 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]