Research And Implementation Of Security Monitoring System For Inter-domain Routing

Posted on: 2007-10-07
Degree: Master
Type: Thesis
Country: China
Candidate: W P Deng
GTID: 2178360215470352
Subject: Computer Science and Technology

Abstract/Summary:
The national economy and social development have become increasingly dependent on the global Internet. The inter-domain routing system based on BGP is the key routing infrastructure of the Internet. Currently it is prone to careless errors and is threatened by many aggressive attacks. In recent years, research on the security of Internet inter-domain routing has attracted great attention and has become a hot research topic.

Since the deployment of secure protocol mechanisms, such as S-BGP, is confronted with many obstacles, monitoring is an effective and practical method for keeping the inter-domain routing system healthy on current network devices: it is extensible, can be deployed conveniently, and does not require modifying the current protocol. In this paper, we propose a hierarchical monitoring model for the inter-domain routing system, ISP-View, which can detect anomalous routes and avoids the deficiencies of other monitoring systems. Some key technologies for this model are also researched, and the system is designed and implemented.

First, we establish the relational database model of the monitoring system and present the detailed database design, which includes a database of network knowledge, a database of the Internet model, a database of Internet BGP routing information and anomalous routing, and a database of local BGP routing information and anomalous routing. We mainly focus on the compression of the route tables: for compression of a single route table, we normalize the database by partitioning the relations; for multiple route tables, we propose a timestamp-based lossless delta compression algorithm, which facilitates joint analysis and detection across different route tables.

High-performance anomaly detection is implemented in our system. We apply syntactic and semantic analysis to BGP routing tables, and classify anomaly detection rules into strategic rules, general rules and special rules. We then design and implement the anomaly detection engine based on these rules. Through single-view checking, multi-view checking and local application strategy checking, we establish the routing anomaly database.

For visualization of the detection results, we improve the topological display model and propose a spring-field model for dynamic display of the network topology map. By applying our algorithm in ISP-View, network topologies can be displayed at different levels so as to show the safety of the routing system dynamically and to monitor abnormal behavior of the inter-domain routing system. A simulated annealing algorithm is applied to offline display of the static topology in our system.

Finally, we present the detailed design of the inter-domain routing monitoring system. A prototype of the Internet BGP routing monitoring system is implemented, and some application examples are presented at the end of this paper.
Keywords/Search Tags:inter-domain routing, security monitoring, anomaly detection, similar data set, visualization, spring-field model