
Design And Implementation Of BGP Hijacking Event Monitoring System Based On Multiple Filtering

Posted on: 2023-01-23
Degree: Master
Type: Thesis
Country: China
Candidate: P J Xu
GTID: 2568306914957849
Subject: Computer technology

Abstract/Summary:
The Internet consists of tens of thousands of interconnected autonomous systems (ASes). ASes use the Border Gateway Protocol (BGP) to exchange information, and inter-domain routing communication greatly affects the stability of the Internet. As originally designed, BGP lacked an information security verification mechanism, which has led to the continuous emergence of BGP inter-domain routing security issues. Prefix hijacking is one of the BGP inter-domain routing security problems that has received extensive attention at home and abroad. Its attack cost is low, but it causes great harm, including direct economic loss, information leakage and service interruption. Monitoring the occurrence of BGP prefix hijacking events is therefore of great significance to maintaining the security and stability of Internet inter-domain routing.

There are three existing kinds of BGP hijacking event monitoring method. The control plane method has good real-time performance, but its results are less accurate. The data plane method has high accuracy, but it has disadvantages such as high delay, and its results are greatly affected by the deployment range of hardware facilities. The composite monitoring method reduces latency, but its results are also greatly affected by the scope of hardware deployment. In addition, existing monitoring methods focus on the false positive rate and false negative rate of monitoring results, ignoring the sensitivity and importance of prefix hijacking events. This thesis designs and implements a hijacking event monitoring method based on multiple filtering. It performs multiple compliance filtering on the detected suspected prefix hijacking events and classifies them according to the importance of the hijacking events, thereby improving the monitoring efficiency of BGP prefix hijacking events.

The work of this thesis is divided into three main parts. Firstly, multi-dimensional information about ASes is collected and extracted, and an AS basic information knowledge base, an AS relation knowledge base, an AS topology knowledge base and an IP prefix application service mapping base are constructed to form a relatively complete AS knowledge pedigree. Secondly, the BGP inter-domain routing table and BGP inter-domain routing update messages are used to extract the key information in BGP routing messages, to monitor multi-source AS announcement conflicts for IP prefixes, and to form a set of suspected prefix hijacking events. Filtering along four dimensions (AS relationship, AS type, IP prefix type, and event stability) is used to perform multiple compliance filtering on the suspected prefix hijacking events, which are then associated with application services to classify the importance of prefix hijacking events. Finally, the BGP hijacking event monitoring system is designed and implemented. The reliability of the system is verified by comparing the experimental results with existing monitoring systems, and the system can provide effective data support for research on inter-domain routing security.
Keywords/Search Tags: BGP, inter-domain routing security, control plane, prefix hijacking
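
The multi-source AS conflict monitoring and compliance filtering described in the abstract can be illustrated with the following added example, which is not code from the thesis. It covers only two of the four filters (AS relationship and event stability) plus the application-service importance grading. The sample observations, the relationship and service tables, the one-day stability threshold, and the choice of the earliest-seen origin as the expected one are all assumptions made for the illustration.

```python
from collections import defaultdict

DAY = 86400
# Constructed inputs (documentation ASNs and prefixes), not data from the thesis.
OBSERVATIONS = [  # (unix_time, prefix, AS_PATH seen at a route collector)
    (0, "192.0.2.0/24", [64500, 64496]),
    (30 * DAY, "192.0.2.0/24", [64500, 64496]),
    (29 * DAY, "192.0.2.0/24", [64501, 64511]),        # new origin, gone in 10 min
    (29 * DAY + 600, "192.0.2.0/24", [64501, 64511]),
    (0, "198.51.100.0/24", [64500, 64497]),
    (60, "198.51.100.0/24", [64502, 64498]),           # origin related to 64497
    (0, "203.0.113.0/24", [64500, 64499]),
    (100, "203.0.113.0/24", [64503, 64510]),
    (10 * DAY, "203.0.113.0/24", [64503, 64510]),      # long-lived co-origin
]
RELATED = {frozenset((64497, 64498))}   # assumed AS-relationship knowledge base
SERVICES = {"192.0.2.0/24": "dns"}      # assumed prefix -> application service map
STABLE_SECS = DAY                       # assumed stability threshold

def moas_conflicts(observations):
    """Map each prefix announced by more than one origin AS to
    {origin_as: (first_seen, last_seen)}."""
    seen = defaultdict(dict)
    for ts, prefix, path in observations:
        origin = path[-1]               # origin AS is the last hop of AS_PATH
        first, last = seen[prefix].get(origin, (ts, ts))
        seen[prefix][origin] = (min(first, ts), max(last, ts))
    return {p: o for p, o in seen.items() if len(o) > 1}

def suspected_hijacks(observations):
    """Apply the relationship and stability filters, then grade what is left."""
    events = []
    for prefix, origins in moas_conflicts(observations).items():
        # Assumption: the earliest-seen origin is the expected one.
        expected = min(origins, key=lambda asn: origins[asn][0])
        for asn, (first, last) in origins.items():
            if asn == expected:
                continue
            if frozenset((asn, expected)) in RELATED:
                continue                # compliant: origins have a known relationship
            if last - first >= STABLE_SECS:
                continue                # compliant: stable multi-origin announcement
            level = "high" if prefix in SERVICES else "normal"
            events.append((prefix, expected, asn, level))
    return events

if __name__ == "__main__":
    print(suspected_hijacks(OBSERVATIONS))
```

Of the three conflicting prefixes in the sample, only the short-lived second origin on the service-mapped prefix survives both filters.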