A Network Topology Discovery Algorithm Resistant to Routing Spoofing

doi:10.3969/j.issn.1671-1122.2017.07.008

Abstract

Abstract:

Accurate and comprehensive network topology can directly and effectively present the structure and state of the current network to network managers, so an accurate and complete network topology is an important part of network fault management, configuration management, and security management. Proactive detection based on ICMP and ARP has negative effects on the performance of network. The existing network topology discovery method based on IS-IS is difficult to ensure efficiency on describing IP network when attack based on routing protocol occurred. Then this paper proposes an algorithm for IP network topology based on IS-IS by analyzing the LSP packet, the algorithm obtains the information of network topology such as the relationship of the links between routers without making influence on network, then produce a believable, complete base network topology and request PSNP for security to avoid network topology changes caused by routing spoofing. The simulation result shows the algorithm can get a complete network topology in a routing spoofing environment which verified the feasibility of algorithm.

Key words: IS-IS protocol, topology discovery, data authenticity, IP network

CLC Number:

TP393

Yifang ZHAO, Dongmei ZHANG. A Network Topology Discovery Algorithm Resistant to Routing Spoofing[J]. Netinfo Security, 2017, 17(7): 52-58.

Figures/Tables 13

References 9

[1]	赵玉东,徐恪,朱亮. 一种路由设备服务可信属性定义方法与可信路由协议设计[J]. 信息网络安全,2015(1):24-31.
[2]	李天佑,许敏. 基于集成IS-IS路由协议网络拓扑发现初探[J]. 计算机应用,2007(S1):183-186.
[3]	范双娇. 基于OSPF协议的拓扑发现与攻击检测技术研究[D]. 北京:北京邮电大学,2015.
[4]	马俐敏. 基于IS-IS路由协议的数据通信网络拓扑发现方法的设计与实现[D]. 北京:北京邮电大学,2011.
[5]	王卫华. IS-IS路由性能监测系统设计与实现[D].北京:北京邮电大学,2008.
[6]	尹宝,姜丽莹,王潮. 量子蚁群算法的大规模无线传感网可信安全路由设计[J]. 信息网络安全,2015(3):14-18.
[7]	PERLMAN R.A Comparison between Two Routing Protocols: OSPF and IS-IS[J]. IEEE Network Magazine of Global Internetworking, 1991(9): 18-24.
[8]	刘伟,叶清,王成. 基于动态密钥管理的改进LEACH路由算法[J]. 信息网络安全,2015(8):41-46.
[9]	何杭锋. 网络拓扑发现技术研究[D]. 淮南:安徽理工大学,2013.

[1]	Xu ZHAO, Guangqiu HUANG, Yanpeng CUI, Mingming WANG. Improvement of Selection Operator in Multithreading Model for Multimedia Packets in NIDS [J]. Netinfo Security, 2018, 18(10): 45-50.
[2]	DA Xiaowen, MAO Limin, WU Mingjie, GUO Min. Research on a Vulnerability Location Technology Based on Patch Matching and Static Taint Analysis [J]. 信息网络安全, 2017, 17(9): 5-5.
[3]	XU Weiyang, LI Yao, TANG Yong, WANG Baosheng. Research on Cross-architecture Vulnerabilities Searching in Binary Executables [J]. 信息网络安全, 2017, 17(9): 21-25.
[4]	QI Ben, WANG Mengdi. A Method Using Information Gain and Naive Bayes to Extract Network Situation Information [J]. 信息网络安全, 2017, 17(9): 54-57.
[5]	ZHAN Man, XIAN Hequn, ZHANG Shuguang. Research on Identity Authentication Technology Based on Gravity Sensor [J]. 信息网络安全, 2017, 17(9): 58-62.
[6]	TIAN Qingyi, LI Baoshun. Research on Electronic Data Forensics of Small Unmanned Aerial Vehicle [J]. 信息网络安全, 2017, 17(9): 85-88.
[7]	WANG Yuhui, ZENG Zehua, SHEN Jiahui, FU Tianshu. APT Logic-based Causality Analysis of Terrorist Incidents [J]. 信息网络安全, 2017, 17(9): 93-97.
[8]	WANG Zihan, WANG Yuhui, WANG Lei, WANG Xin. Research on a Topic Evolution Analysis System of Emergency Based on Social Media [J]. 信息网络安全, 2017, 17(9): 98-102.
[9]	CHENG Juanjuan, ZHENG Fangyu, LIN Jingqiang, DONG Jiankuo. High-performance Implementation of Curve25519 on GPU [J]. 信息网络安全, 2017, 17(9): 122-127.
[10]	FU Shunshun, GU Yijun, ZHANG Dahan, MENG Fanpeng. Overlapping Community Detection Algorithm Based on Improved MCMC Method [J]. 信息网络安全, 2017, 17(9): 138-142.
[11]	HAN Xuan, LIU Yamin. Research on the Consensus Mechanisms of Blockchain Technology [J]. 信息网络安全, 2017, 17(9): 147-152.
[12]	GUO Min, ZENG Yingming, YAO Jinli, DA Xiaowen. The Analysis of Software Behavior Security Based on Big Data Samples [J]. 信息网络安全, 2017, 17(9): 153-156.
[13]	WANG Ping, ZHOU Zhiping. An Improved RFID Ownership Transfer Protocol Based on Cloud [J]. 信息网络安全, 2017, 17(8): 60-68.
[14]	Yanping YANG. The Algorithm of Social Network Users Reliability Based on Bidirectional Weighted Graph [J]. Netinfo Security, 2017, 17(7): 40-44.
[15]	Hao WANG, Xiangfu SONG, Junming KE, Qiuliang XU. Blockchain and Privacy Preserving Mechanisms in Cryptocurrency [J]. Netinfo Security, 2017, 17(7): 32-39.