Research On Anomaly Detection Technology Of Inter-domain Routing For IPv6 Network

The Internet is playing an increasingly important role in the national construction and society development. As the key information infrastructure of Internet, BGP based inter-domain routing system is currently threatened by malicious attacks and human errors. In recent years, inter-domain routing security has drawn significant attentions from academic and industrial communities.With the exhaustion of IPv4 adderss space, it becomes urgent to deploy IPv6, which raises new demands on the security of inter-domain routing. Meanwhile, there are many barriers for the security mechanisms such as S-BGP to deploy, and the monitoring of inter-domain routing is a pratical and efficient way to secure inter-domain routing via current networking facility. This paper focuses on the detection of inter-domain routing anomaly in IPv6 networks, and our contributions are summarized as follows:1) In terms of address structure and category, allocation policy, IP Protocol and security schemes in IP layer, we compare the IPv6 networks and IPv4 networks, and we also compare the protocol BGP4+ and BGP-4 to find the difference impacting the inter-domain routing security. We investigate the deployment situation of IPv6 networks, and find that the security of inter-domain routing in IPv6 networks is relying on the IPv4 networks due to the use of tunnel technology and translation technology.2) Drawing experience from network science, we propose a new metric Marginal Betweenness to characterize the importance of an AS (Autonomous System) to a particular AS or a group of ASes from the perspective of Internet traffic. Based on this new metric, we optimize the inference algorithm of Tier-1 ASes by incorporating the traffic characteristics that each Tier-1 AS should forward a significant portion of traffic for its Tier-1 partners. This optimization can significantly improve the detection of valley-free violations, as well as the selection of key ASes and networks in the monitoring of inter-domain routing system.3) To study the anomalies of inter-domain for IPv6 network and its detection technology, we firstly investigate the anomalies newly found in IPv6 networks, including too-long prefix, empty ASPath and ASPath hybridity, by analyzing the potential causes and damages they can cause. Secondly we revise the detection rules of DUSA anomaly and private AS number anomaly, which suffer great changes in IPv6 enviroment, or cannot effctively distinguish normality and anomal. Finally oriented to IPv6 networks, we analysize the cause and impact of the other anomalies found in IPv4 networks .4) Based on the approaches above, we design and implement an inter-domain routing monitoring system which is completely compatible with the IPv4 anomaly detection and IPv6 anomaly detection, and compare the anomalies detected in IPv6 networks with those in IPv4 networks, and finally conclude this paper by analyzing the impact scope of various IPv6 routing anomalies.This paper makes a research on the inter-domain anomaly detection for IPv6 network. In the research, we find that though the significant commercial deployment of IPv6 networks just started, the sorts of anomalies previously found in IPv4 networks have been found in IPv6 network, and we also found several new types of anomalies. Meanwhile, by analysizing the transition from IPv4 to IPv6, we find that in the transition process the security of inter-domain routing in IPv6 networks is relying on the IPv4 networks.