基于路由时间介数的域间路由传播特征分析方法

doi:10.3969/j.issn.1671-1122.2025.07.004

信息网络安全 ›› 2025, Vol. 25 ›› Issue (7): 1044-1052.doi: 10.3969/j.issn.1671-1122.2025.07.004

基于路由时间介数的域间路由传播特征分析方法

刘宇靖¹, 王致林²(), 李鹏飞¹, 王成孝¹

1.国防科技大学计算机学院，长沙 410073
2.国防科技大学军事职业教育技术服务中心，长沙 410073

收稿日期:2024-05-20 出版日期:2025-07-10 发布日期:2025-08-07
通讯作者: 王致林 E-mail:wangzhilin@nudt.edu.cn
作者简介:刘宇靖（1985—），女，山东，副研究员，博士，CCF会员，主要研究方向为网络路由安全|王致林（1983—），男，山东，高级工程师，硕士，主要研究方向为网络安全|李鹏飞（2000—），男，安徽，硕士研究生，主要研究方向为网络路由安全|王成孝（1996—），男，湖南，工程师，本科，主要研究方向为网络安全
基金资助:
国家重点研发计划(2022YFB3104800)

Analysis Method of Inter-Domain Routing Propagation Characteristics Based on Routing Temporal Betweenness

LIU Yujing¹, WANG Zhilin²(), LI Pengfei¹, WANG Chengxiao¹

1. College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China
2. Technical Service Center for Professional Education, National University of Defense Technology, Changsha 410073, China

Received:2024-05-20 Online:2025-07-10 Published:2025-08-07
Contact: WANG Zhilin E-mail:wangzhilin@nudt.edu.cn

摘要/Abstract

摘要：

互联网域间路由系统的安全性与可靠性对保障网络空间安全至关重要，准确分析域间路由的传播特征不仅有助于掌握路由传播的正常状态，还是检测网络路由异常事件的基础，同时也是对当前路由安全增强机制的有力补充。文章提出一种基于路由时间介数的域间路由传播特征分析方法，通过定义自治系统的路由时间介数，刻画自治系统转发特定数据流量的时长占比情况，从而全面反映路由消息在网络中的传播过程与状态特征。从时间维度看，该方法能够建立域间路由系统的正常状态基线；从空间维度看，该方法可以确定与目标网络相关的关键自治系统信息。基于互联网公开的海量域间路由数据与拓扑数据，针对KlaySwap前缀劫持事件、Angola Cables路由泄露事件以及前缀归属变化事件，进行路由传播特征研究，为前缀劫持与路由泄露的异常检测提供了有力支撑。

关键词: 路由安全, 域间路由系统, 路由时间介数, 传播特征

Abstract:

The security and reliability of the inter-domain routing system of the Internet are of great significance for cybersecurity. Understanding the propagation patterns of inter-domain routing is crucial for detecting abnormal network routing events and enhancing routing security measures. The article proposed an analysis method of inter-domain routing propagation characteristics based on routing temporal betweenness. By defining the routing time betweenness centrality of autonomous systems, the proportion of time autonomous system forwards specific data traffic was characterized, thus comprehensively reflecting the propagation process and state characteristics of routing messages in the network. From a temporal perspective, this method could establish a normal baseline for inter domain routing systems. From a spatial perspective, this method could identify key autonomous system information related to the target network. Based on the massive inter domain routing data and topology data publicly available on the Internet, routing propagation characteristics were studied for the KlaySwap prefix hijacking event, the prefix ownership change event and the Angola Cables routing leak event, providing a powerful support for anomaly detection of prefix hijacking and route leakage.

Key words: routing security, inter-domain routing system, routing temporal betweenness, propagation characteristics

中图分类号:

TP309

刘宇靖, 王致林, 李鹏飞, 王成孝. 基于路由时间介数的域间路由传播特征分析方法[J]. 信息网络安全, 2025, 25(7): 1044-1052.

LIU Yujing, WANG Zhilin, LI Pengfei, WANG Chengxiao. Analysis Method of Inter-Domain Routing Propagation Characteristics Based on Routing Temporal Betweenness[J]. Netinfo Security, 2025, 25(7): 1044-1052.

图/表 9

图1

图2

图3

图4

图5

图6

表1

图7

表2

参考文献 24

[1]	LIU Yujing, WANG Zhilin, LI Nan. A Case Study of Detecting and Characterizing Large-Scale Prefix Hijackings in the Internet[C]// ACM. The 2017 VI International Conference on Network, Communication and Computing. New York: ACM, 2017: 110-114.
[2]	AMEET N. Anatomy of a BGP Hijack on Amazon’s Route 53 DNS Service[EB/OL]. (2018-04-25) [2024-05-08]. https://www.thousandeyes.com/blog/amazon-route-53-dns-and-bgp-hijack.
[3]	DAN G. BGP Event Sends European Mobile Traffic through China Telecom for 2 Hours Improper Leak to Chinese-Government-Owned Telecom Lasts up to Two Hours[EB/OL]. (2019-06-08) [2024-05-08]. https://arstechnica.com/information-technology/2019/06/bgp-mishap-sends-european-mobile-traffic-through-china-telecom-for-2-hours/.
[4]	ZOU Hui, MA Di, SHAO Qing, et al. A Survey of the Resource Public Key Infrastructure[J]. Chinese Journal of Computers, 2022, 45(5): 1100-1132.
	邹慧, 马迪, 邵晴, 等. 互联网码号资源公钥基础设施(RPKI)研究综述[J]. 计算机学报, 2022, 45(5): 1100-1132.
[5]	AL-ROUSAN N M, TRAJKOVIĆ L. Machine Learning Models for Classification of BGP Anomalies[C]// IEEE. 2012 IEEE 13th International Conference on High Performance Switching and Routing. New York: IEEE, 2012: 103-108.
[6]	LI Jun, DOU Dejing, WU Zhen, et al. An Internet Routing Forensics Framework for Discovering Rules of Abnormal BGP Events[J]. Computer Communication Review, 2005, 35(5): 55-66.
[7]	AL-MUSAWI B, BRANCH P, ARMITAGE G. BGP Anomaly Detection Techniques: A Survey[J]. IEEE Communications Surveys & Tutorials, 2017, 19(1): 377-396.
[8]	THEODORIDIS G, TSIGKAS O, TZOVARAS D. A Novel Unsupervised Method for Securing BGP against Routing Hijacks[C]// Springer. Computer and Information Sciences III. Heidelberg: Springer, 2013: 21-29.
[9]	LIU Yujing, LUO Xiapu, CHANG R K C, et al. Characterizing Inter-Domain Rerouting by Betweenness Centrality after Disruptive Events[J]. IEEE Journal on Selected Areas in Communications, 2013, 31(6): 1147-1157.
[10]	DESHPANDE S, THOTTAN M, HO T K, et al. An Online Mechanism for BGP Instability Detection and Analysis[J]. IEEE Transactions on Computers, 2009, 58(11): 1470-1484.
[11]	SHAPIRA T, SHAVITT Y. AP2Vec: An Unsupervised Approach for BGP Hijacking Detection[J]. IEEE Transactions on Network and Service Management, 2022, 19(3): 2255-2268.
[12]	Route Views. University of Oregon Route Views Project[EB/OL]. [2024-05-08]. https://www.routeviews.org/routeviews/.
[13]	RIPE NCC. Routing Information Service (RIS)[EB/OL]. [2024-05-08]. https://www.ripe.net/analyse/internet-measurements/routing-information-service-ris/.
[14]	CAIDA. AS Relationships[EB/OL]. (2020-04-27) [2024-05-08]. https://www.caida.org/catalog/datasets/as-relationships/.
[15]	DENG Wenping, MÜHLBAUER W, YANG Yuexiang, et al. Shedding Light on the Use of AS Relationships for Path Inference[J]. Journal of Communications and Networks, 2012, 14(3): 336-345.
[16]	HOU Bingnan, CAI Zhiping, WU Kui, et al. 6Scan: A High-Efficiency Dynamic Internet-Wide IPv6 Scanner with Regional Encoding[J]. IEEE/ACM Transactions on Networking, 2023, 31(4): 1870-1885.
[17]	ARIN. American Registry for Internet Numbers[EB/OL]. [2024-05-08]. https://www.arin.net/about/.
[18]	RIPE. Reseaux IP Europeens[EB/OL]. [2024-05-08]. https://www.ripe.net/about-us/what-we-do/regional-internet-registry/.
[19]	APNIC. Asia Pacific Network Information Center[EB/OL]. [2024-05-08]. https://www.apnic.net/about-apnic/organization/.
[20]	LACNIC. Latin America and the Caribbean Information Center[EB/OL]. [2024-05-08]. https://www.lacnic.net/1004/2/lacnic/about-lacnic.
[21]	AFRINIC. African Network Information Centre[EB/OL]. [2024-05-08]. https://www.afrinic.net/about.
[22]	Aftab Siddiqui. KlaySwap-Another BGP Hijack Targeting Crypto Wallets[EB/OL]. (2022-02-17) [2024-05-08]. https://manrs.org/2022/02/klayswap-another-bgp-hijack-targeting-crypto-wallets/.
[23]	Aftab Siddiqui. BGP Route Leak at Angola Cables Slows Connectivity for Many Australians[EB/OL]. (2023-05-25) [2024-05-08]. https://manrs.org/2023/05/bgp-route-leak-at-angola-cables-slows-connectivity-for-many-australians/.
[24]	Aftab Siddiqui. Did Ukraine Suffer a BGP Hijack and How Can Networks Protect Themselves??[EB/OL]. (2022-03-04) [2024-05-08]. https://manrs.org/2022/03/did-ukraine-suffer-a-bgp-hijack-and-how-can-networks-protect-themselves/.

AS号	路由时间介数	时段
AS197726	1.00	变更前
AS34700	0.62	变更前
AS9002	0.59	变更前
AS62206	0.34	变更前
AS6939	0.31	变更前
AS3356	0.31	变更前
AS210512	1.00	变更后
AS39238	1.00	变更后
AS28917	0.55	变更后
AS3257	0.48	变更后
AS42861	0.45	变更后
AS3356	0.15	变更后
AS6939	0.12	变更后

分析方法	基于路由时间介数分析方法	基于BGP路由更新消息统计数据分析方法	基于路由更新消息AS路径的分析方法	基于神经网络嵌入技术的分析方法
KlaySwap前缀劫持事件	▲△	—	△	▲
Angola Cables路由泄露事件	▲△	—	△	▲
前缀归属变化事件	▲△	—	△	▲

基于路由时间介数的域间路由传播特征分析方法

Analysis Method of Inter-Domain Routing Propagation Characteristics Based on Routing Temporal Betweenness

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 24

相关文章 1

编辑推荐

Metrics

本文评价