With the rapid progress of human society, the Internet has become more and more important. A large number of applications and services run on the Internet, bringing great convenience to people's daily lives. However, the inter-domain routing system, the key infrastructure of the Internet, is under severe threat because it lacks security mechanisms. Several security incidents in recent years have seriously affected the Internet and attracted extensive attention.

To safeguard the inter-domain routing system, the academic community has proposed two solutions: designing new routing protocols and monitoring the routing system. Introducing a new protocol requires modifying the current routing system and may waste considerable resources. Monitoring of the inter-domain routing system is widely used; however, the existing inter-domain routing monitoring systems exhibit some limitations. To satisfy the requirements of inter-domain routing security in our country, we have developed an inter-domain routing monitoring system. We have implemented the routing monitoring function on the control plane and contributed to national security. However, the inter-domain routing monitoring system still needs to be improved in accuracy, anomaly validation and anomaly elimination.

Considering the shortcomings of the current monitoring system, this paper carries out research based on multiple planes. In association with the detection function on the control plane, the current system is reinforced from the knowledge plane, the data plane and the management plane. Our contributions can be summarized as follows:

1. At the knowledge plane, the knowledge base used in the current monitoring system falls short in both accuracy and completeness. Relying on the collected routing tables, we propose a novel method for constructing AS-IP relationship data. Experiments show that the knowledge acquired using our method provides better accuracy and usability, and that the knowledge can be effectively used in the detection of large-scale prefix hijacking.

2. At the data plane, the current monitoring system cannot verify a large number of routing anomalies. We design and develop a validation module to check the effectiveness of routing anomalies and a visualization module to show the anomalies closely related to the AS path. These two modules are based on traceroute and Google Maps respectively. They can effectively improve the accuracy of detection and implement visualized validation of severe anomalies.

3. At the management plane, the current system can only present the anomalies and leave the users to handle them, because it lacks a feedback and reaction mechanism. We design a feedback protocol that automatically pushes anomalies according to the user's interests. We design and develop an automatic configuration module that reacts to the feedback. In cooperation with the detection module, routers under the control of the automatic configuration module can be repaired through reconfiguration without human intervention, which greatly improves usability.

The methods at the three planes do not work in isolation but as a whole. The knowledge base constructed at the knowledge plane can be used to verify the anomalies. After the anomalies are verified, the system can handle them better. The statistics of the detected anomalies can also be used to complement the knowledge base. Our inter-domain routing monitoring system has been deployed. With the feedback from ISPs, both the knowledge base and the confirmed routing anomalies are shown to be accurate, while the anomaly mitigation solutions are easy to use.
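A simplified illustration of the knowledge-plane idea in item 1, added here and not taken from the thesis: it builds a prefix-to-origin-AS map from routing-table entries and flags announcements whose origin disagrees with that map, including more-specific prefixes. The sample entries, function names and the two-prefix threshold are constructed assumptions; the thesis's own construction method is not described in this abstract.

```python
import ipaddress
from collections import defaultdict

# Constructed routing-table sample: (prefix, AS path); the last AS is the origin.
RIB = [
    ("192.0.2.0/24", [64500, 64501, 64510]),
    ("192.0.2.0/24", [64502, 64510]),
    ("198.51.100.0/24", [64500, 64511]),
    ("203.0.113.0/24", [64503, 64512]),
    ("203.0.113.0/24", [64500, 64513]),  # multi-origin prefix, treated as legitimate
]

def build_knowledge_base(rib):
    """Map each prefix to the set of origin ASes observed for it."""
    kb = defaultdict(set)
    for prefix, path in rib:
        kb[ipaddress.ip_network(prefix)].add(path[-1])
    return dict(kb)

def classify(kb, prefix, path):
    """Compare one announcement's origin AS against the knowledge base."""
    net, origin = ipaddress.ip_network(prefix), path[-1]
    if net in kb:
        return "ok" if origin in kb[net] else "origin-mismatch"
    # No exact entry: fall back to the most specific known covering prefix.
    covering = [k for k in kb if k.version == net.version and net.subnet_of(k)]
    if not covering:
        return "unknown-prefix"
    parent = max(covering, key=lambda k: k.prefixlen)
    return "ok" if origin in kb[parent] else "subprefix-mismatch"

def large_scale_suspects(kb, updates, threshold=2):
    """Origins that mismatch on at least `threshold` distinct prefixes."""
    hits = defaultdict(set)
    for prefix, path in updates:
        if classify(kb, prefix, path).endswith("mismatch"):
            hits[path[-1]].add(prefix)
    return {asn: sorted(p) for asn, p in hits.items() if len(p) >= threshold}

KB = build_knowledge_base(RIB)

# Constructed announcements to check against the knowledge base.
UPDATES = [
    ("192.0.2.0/24", [64500, 64510]),
    ("192.0.2.0/24", [64504, 64666]),
    ("198.51.100.128/25", [64504, 64666]),
    ("203.0.113.0/24", [64500, 64513]),
    ("203.0.113.0/24", [64505, 64777]),
]
```

A mismatch here is only a candidate anomaly; the abstract's data-plane step (traceroute-based validation) is what would confirm or dismiss it.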