Netinfo Security ›› 2015, Vol. 15 ›› Issue (11): 33-39. doi: 10.3969/j.issn.1671-1122.2015.11.006

• Technical Research •

Research on the Evaluation Method of AS-IP Declaring Relationship Authenticity

HU Zhao-ming, LIU Lei, SHANG Bo-wen, ZHU Pei-dong

  1. School of Computer, National University of Defense Technology, Changsha Hunan 410073, China
  • Received: 2015-06-06 Online: 2015-11-25 Published: 2015-11-20
  • About the authors: HU Zhao-ming (1991-), male, from Heilongjiang, master's student, main research interest: network security; LIU Lei (1985-), male, from Jilin, master's student, main research interest: network security; SHANG Bo-wen (1992-), male, from Shandong, master's student, main research interest: network security; ZHU Pei-dong (1971-), male, from Shandong, doctoral supervisor, professor, Ph.D., main research interests: novel network architectures, network security, network science.
  • Supported by: National Natural Science Foundation of China [61170285]

Abstract:

In a BGP network, IP address prefix hijacking occurs when an autonomous system (AS) declares an IP address prefix that does not belong to it. Prefix hijacking is hard to detect for two main reasons: 1) an AS affected by a hijack can discover it if and only if the hijacked IP address prefix is propagated into its own AS domain; 2) because the Border Gateway Protocol (BGP) lacks a security mechanism to verify that the declarer of an IP address prefix actually owns that address, the other ASes in the network cannot determine whether a prefix hijack has really occurred even when they receive the hijacked routes. To address these problems, this paper presents a method for evaluating the authenticity of AS-IP declaring relationships. The method builds a declaring-relationship matrix from historical routing tables, calculates the stability degree of the AS-IP declaring relationships based on spatial consistency and temporal stability in order to judge their authenticity, and generates an AS-IP matching relation knowledge base. The paper analyzes routing data from RouteViews and from domestic operators. The experimental results show that the method can effectively judge the authenticity of declaring relationships and generate an AS-IP matching relation knowledge base, and that it can also effectively detect prefix hijacking.

Key words: inter-domain routing, declaring relationship, stability, prefix hijacking

CLC number: