基于最优有效路径的域间路由系统级联失效模型

doi:10.3969/j.issn.1671-1122.2021.05.011

信息网络安全 ›› 2021, Vol. 21 ›› Issue (5): 90-99.doi: 10.3969/j.issn.1671-1122.2021.05.011

基于最优有效路径的域间路由系统级联失效模型

张俊¹^,², 王永杰¹^,²(), 张敬业¹^,², 杨林¹^,²

1.国防科技大学电子对抗学院,合肥 230037
2.安徽省网络空间安全态势感知与评估重点实验室,合肥 230037

收稿日期:2020-09-22 出版日期:2021-05-10 发布日期:2021-06-22
通讯作者: 王永杰 E-mail:w_yong_j@189.cn
作者简介:张俊（1994—）,男,安徽,硕士研究生,主要研究方向为网络空间安全和复杂网络|王永杰（1974—）,男,安徽,副教授,博士,主要研究方向为网络空间安全、风险评估和信息系统建模|张敬业（1985—）,男,安徽,讲师,硕士,主要研究方向为网络态势感知和网络空间安全|杨林（1995—）,男,湖南,硕士研究生,主要研究方向为网络空间安全和群体智能
基金资助:
国家自然科学基金(61802422)

Cascading Failure Model for Inter-domain Routing System Based on Optimal Valid Path

ZHANG Jun¹^,², WANG Yongjie¹^,²(), ZHANG Jingye¹^,², YANG Lin¹^,²

1. College of Electronic Engineering, National University of Defense Technology, Hefei 230037, China
2. Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation, Hefei 230037, China

Received:2020-09-22 Online:2021-05-10 Published:2021-06-22
Contact: WANG Yongjie E-mail:w_yong_j@189.cn

摘要/Abstract

摘要：

域间路由系统级联失效对域间路由网络安全影响较大,因此有必要对级联失效建模并进行深入研究。文章在分析域间路由网络商业关系和路由策略的基础上,提出了符合实际情况的最优有效路径发现算法和VIRS介数,基于VIRS介数定义链路初始负载和容量,基于最优有效路径发现算法设计负载重分配过程,进而构建域间路由系统级联失效模型。模型弥补了已有研究的一些短板,既分开考虑了节点和链路的失效原因,也加入了节点和链路的恢复机制。算法复杂度分析和实验说明了最优有效路径发现算法的有效性和准确性,模型仿真实验研究了不同参数及恢复机制对级联失效的影响。研究结果对分析域间路由系统级联失效成因和维护网络安全以防发生级联失效有一定参考和借鉴作用。

关键词: 复杂网络, 域间路由系统, 网络攻击, 仿真模型, 级联失效

Abstract:

The cascading failure of the inter-domain routing system has a great impact on the security of inter-domain routing network, so it is necessary to conduct an in-depth study on cascading failure modeling. Based on the analysis of business relationship and routing strategy of inter-domain routing network, this paper proposes an optimal valid path discovery algorithm and VIRS betweenness in line with the actual situation, defines the initial load and capacity of links based on the VIRS betweenness, designs the load redistribution process based on the optimal valid path discovery algorithm, and then constructs a cascading failure model of inter-domain routing system. The model complements the shortcomings of existing studies by considering the failure causes of nodes and links separately and adding recovery mechanisms of nodes and links. The algorithm complexity analysis and experiment show the effectiveness and accuracy of the optimal valid path discovery algorithm. The model simulation experiment studies the influence of different parameters and recovery mechanisms on cascading failure. The research results are useful for analyzing the causes of cascade failure in inter-domain routing system and maintaining network security against cascade failure.

Key words: complex network, inter-domain routing system, cyber attack, simulation model, cascading failure

中图分类号:

TP309

张俊, 王永杰, 张敬业, 杨林. 基于最优有效路径的域间路由系统级联失效模型[J]. 信息网络安全, 2021, 21(5): 90-99.

ZHANG Jun, WANG Yongjie, ZHANG Jingye, YANG Lin. Cascading Failure Model for Inter-domain Routing System Based on Optimal Valid Path[J]. Netinfo Security, 2021, 21(5): 90-99.

图/表 12

图1

图2

图3

图4

图5

表1

表2

表3

图6

图7

图8

图9

参考文献 20

[1]	Kaspersky Lab. Information about the Network Worm Nimda[EB/OL]. http://www.kaspersky.com/about/news/virus/2001/Information_about_the_Network_Worm_Nimda, 2020-07-29.
[2]	F-Secure. Worm: W32/CodeRed. II[EB/OL]. https://www.f-secure.com/v-descs/worm_w32_codered_ii.shtml, 2020-07-29.
[3]	TOONK A. Looking at the Spamhaus DDoS from a BGP Perspective BGPmon[EB/OL]. https://bgpmon.net/looking-at-the-spamhouse-ddos-from-a-bgp-perspective/, 2020-08-22.
[4]	SAARINEN J. Testing Mistake Triggered Telstra Route Hijacks-networking-security[EB/OL]. https://www.itnews.com.au/news/testing-mistake-triggered-telstra-route-hijacks-554270, 2020-04-07.
[5]	COWIE J, OGIELSKI A T, PREMORE B J, et al. Internet Worms and Global Routing Instabilities[EB/OL]. https://www.researchgate.net/publication/252606191_Internet_worms_and_global_routing_instabilities, 2020-04-07.
[6]	SRIRAM K, MONTGOMERY D. Resilient Interdomain Traffic Exchange: BGP Security and DDoS Mitigation—NIST Publishes SP 800-189[EB/OL]. https://australiancybersecuritymagazine.com.au/resilient-interdomain-traffic-exchange-bgp-security-and-ddos-mitigation-nist-publishes-sp-800-189/, 2019-12-18.
[7]	SCHUCHARD M, MOHAISEN A, KUNE D F, et al. Losing Control of the Internet: Using the Data Plane to Attack the Control Plane[C]// ACM. The 17th ACM Conference on Computer and Communications Security, October 4, 2010, Chicago, Illinois, USA. New York: ACM, 2010: 726-728.
[8]	DENG Wenping, ZHU Peidong, LU Xicheng, et al. On Evaluating BGP Routing Stress Attack[J]. Journal of Communications, 2010,5(1):13-22.
[9]	LI Heshuai, ZHU Junhu, QIU Han, et al. The New Threat to Internet: DNP Attack with the Attacking Flows Strategizing Technology[J]. International Journal of Communication Systems, 2015,28(6):1126-1139. doi: 10.1002/dac.v28.6 URL
[10]	MIAO Fu, WANG Zhenxing, GUO Yi, et al. BGP-SIS: a BGP-LDoS Attack Threat Propagation Model for Inter domain Routing System[J]. Application Research of Computers, 2017,34(12):3735-3739.
	苗甫, 王振兴, 郭毅, 等. BGP-SIS: 一种域间路由系统BGP-LDoS攻击威胁传播模型[J]. 计算机应用研究, 2017,34(12):3735-3739.
[11]	XU Xinzhong, WANG Yu, MIAO Fu. Cascading Failure Model for Inter Domain Routing System Based on Birth and Die Process Theory[J]. Computer Engineering and Application, 2019,55(17):125-130.
	许新忠, 王禹, 苗甫. 基于生灭过程的域间路由系统相继故障模型[J]. 计算机工程与应用, 2019,55(17):125-130.
[12]	COFFMAN JR E G, GE Zihui, MISRA V. et al. Network Resilience: Exploring Cascading Failures within BGP[EB/OL]. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.482.1798&rep=rep1&type=pdf, 2020-07-29.
[13]	GUO Yi, WANG Zhenxing, LUO Shaopeng, et al. A Cascading Failure Model for Interdomain Routing System[J]. International Journal of Communication Systems, 2012,25(8):1068-1076. doi: 10.1002/dac.v25.8 URL
[14]	LIU Yujing, PENG Wei, SU Jinshu, et al. Assessing the Impact of Cascading Failures on the Interdomain Routing System of the Internet[J]. New Generation Computing, 2014,32(3-4):237-255. doi: 10.1007/s00354-014-0403-8 URL
[15]	LU Yuliang, YANG Bin. Analysing and Modeling Cascading Failures for Interdomain Routing System[J]. System Engineering and Electronics, 2016,38(1):172-178.
	陆余良, 杨斌. 域间路由系统级联失效分析与建模[J]. 系统工程与电子技术, 2016,38(1):172-178.
[16]	ZHU Huihu, QIU Han, WANG Qingxian, et al. Double Damage Factor-based Interdomain Routing System Cascading Failure Model[J]. Computer Engineering and Application, 2018,55(2):92-99.
	朱会虎, 邱菡, 王清贤, 等. 基于双毁伤因素的域间路由系统级联失效模型[J]. 计算机工程与应用, 2018,55(2):92-99.
[17]	BRANDES U. A Faster Algorithm for Betweenness Centrality[J]. The Journal of Mathematical Sociology, 2001,25(2):163-177. doi: 10.1080/0022250X.2001.9990249 URL
[18]	Routeviews. University of Oregon Route Views Project[EB/OL]. http://routeviews.org/, 2020-07-29.
[19]	GUO Tao. Research on Characteristics Analysis and Modeling of Internet as Level Topology Complex Network[D]. Nanjing: Nanjing University of Science and Technology, 2014.
	郭陶. Internet AS级拓扑复杂网络特性分析与建模研究[D]. 南京:南京理工大学, 2014.
[20]	CAIDA. AS Relationships[EB/OL]. https://www.caida.org/data/as-relationships/, 2020-07-29.

介数	计算方法	数据
普通介数	根据介数定义	网络拓扑
IRS介数	根据最短路由路径	Route Views路由路径集
VIRS介数	根据最优有效路径	Caida项目的自治域关系数据集

介数	最大介数	最小介数	平均介数
普通介数	14218329	1	24769.46
IRS介数	233436	1	157.48
VIRS介数	2220310	1	158.34

参数	取值	说明
N	2406	节点数量
M	4052	链路数量
Steps	100	迭代次数
α	1	单位链路负载
β	{0, 0.1,…,1}	链路容忍系数
R	{3000, 3500,…, 9000}	节点容量
$\Delta {{T}_{v}}$	5,10,15,∞	节点恢复时延
$\Delta {{T}_{e}}$	5,10,15,∞	链路恢复时延

基于最优有效路径的域间路由系统级联失效模型

Cascading Failure Model for Inter-domain Routing System Based on Optimal Valid Path

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献 20

相关文章 15

编辑推荐

Metrics

本文评价

[1]	王腾飞, 蔡满春, 芦天亮, 岳婷. 基于iTrace_v6的IPv6网络攻击溯源研究[J]. 信息网络安全, 2020, 20(3): 83-89.
[2]	董威, 李永刚. 基于复杂网络的智能电网网络攻击影响分析研究[J]. 信息网络安全, 2020, 20(1): 52-60.
[3]	陈良臣, 刘宝旭, 高曙. 网络攻击检测中流量数据抽样技术研究[J]. 信息网络安全, 2019, 19(8): 22-28.
[4]	陈冠衡, 苏金树. 基于深度神经网络的异常流量检测算法[J]. 信息网络安全, 2019, 19(6): 68-75.
[5]	傅建明, 黎琳, 郑锐, 苏日古嘎. 基于GAN的网络攻击检测研究综述[J]. 信息网络安全, 2019, 19(2): 1-9.
[6]	蔡方博, 何泾沙, 朱娜斐, 韩松. 分布式访问控制模型中节点级联失效研究[J]. 信息网络安全, 2019, 19(12): 47-52.
[7]	付顺顺, 顾益军, 张大瀚, 孟凡鹏. 基于改进MCMC方法的重叠社区发现算法[J]. 信息网络安全, 2017, 17(9): 138-142.
[8]	夏玉明, 胡绍勇, 朱少民, 刘丽丽. 基于卷积神经网络的网络攻击检测方法研究[J]. 信息网络安全, 2017, 17(11): 32-36.
[9]	聂廷远, 王培培, 高久顼, 吉爱国. 基于复杂网络的FPGA IP核电路及其安全性分析[J]. 信息网络安全, 2017, 17(10): 8-12.
[10]	周玉晶, 沈嘉荟, 邱海韬, 查达仁. 基于复杂网络的社交媒体内容安全可视化分析系统[J]. 信息网络安全, 2016, 16(9): 158-162.
[11]	宋国江, 肖荣华, 晏培. 工业控制系统中PLC面临的网络空间安全威胁[J]. 信息网络安全, 2016, 16(9): 228-233.
[12]	俞诗源, 程三军. 大数据工具在网络攻击监测中的应用[J]. 信息网络安全, 2015, 15(9): 149-153.
[13]	芦天亮，周运伟，曹巍. 移动互联网攻击技术及违法犯罪手段分析[J]. 信息网络安全, 2014, 14(9): 176-179.
[14]	郭征, 郭鑫泠, 宋传旺, 聂廷远. 小世界网络抗毁性及介-度相关性研究[J]. 信息网络安全, 2014, 15(10): 81-85.
[15]	严俊龙. 基于Metasploit框架自动化渗透测试研究[J]. , 2013, 13(2): 0-0.