一种基于NFV的检测OSPF双LSA攻击的方法

摘要/Abstract

摘要： OSPF协议是因特网中使用最广泛和最成功的内部网关路由协议之一。尽管当前对OSPF协议的安全性已有许多研究,但仍缺乏有效的检测路由欺骗攻击的方法,难以保证网络中OSPF路由的安全性。通过研究OSPF双链路状态通告(LSA)攻击方法的原理,给出了用于确定攻击者的3个必要条件,提出了一种检测OSPF双LSA攻击的方法。基于网络功能虚拟化(NFV)技术,设计实现了检测中间盒与分析服务器用于检测攻击与消除路由污染。检测中间盒负责从各链路捕获相关OSPF分组,将trace记录发送给分析服务器;分析服务器调用检测算法分析处理接收到的trace记录流,若检测到攻击则告警,同时指令检测中间盒来恢复污染路由。原型系统的实验结果表明,所提方法能够在IP网络或NFV网络中准确高效地检测出OSPF双LSA攻击,并且实现的系统具有性价比高、易于部署等优良特点。

关键词: OSPF, 检测方法, 路由协议攻击, 网络安全, 网络功能虚拟化

Abstract: The OSPF protocol is one of the most widely used and successful interior gateway routing protocols in the Internet.Although there have been lots of investigations on the security of the OSPF protocol,there is still a lack of effective detection methods against the route spoofing attacks,so it is difficult to ensure the security of the OSPF routing in networks.By studying the principle of the double link state advertisements (LSAs) attack on the OSPF protocol,this paper presented three necessary conditions that are used to detect the attack,and proposed a detection method against the double LSAs attack on the OSPF protocol.Then,a corresponding detection middle box and analysis server used to detect attacks and clear up their routing pollution were designed and implemented based on the network function virtualization (NFV) technology.The detection middle box is responsible for capturing relevant OSPF packets from various links,sending the trace records to the analysis server,and receiving instructions from the analysis server to restore the polluted routes.The analysis server invokes the detection algorithm to analyze and process the trace record stream,and an alarm is given and an instruction is sent to the detection middle box to restore the contaminated routes if an attack is detected.The experimental results of the prototype show that the proposed method can detect the OSPF double LSAs attack in both IP networks or NFV networks accurately and efficiently,and the prototype has excellent characteristics such as high cost performance and easy to deploy.

Key words: Detection method, Network function virtualization, Network security, OSPF, Routing protocol attack

中图分类号:

TP393

李鹏飞, 陈鸣, 邓理, 钱红燕. 一种基于NFV的检测OSPF双LSA攻击的方法[J]. 计算机科学, 2019, 46(6A): 343-347. https://doi.org/

LI Peng-fei, CHEN Ming, DENG Li, QIAN Hong-yan. NFV Based Detection Method Against Double LSAs Attack on OSPF Protocol[J]. Computer Science, 2019, 46(6A): 343-347. https://doi.org/

参考文献

[1]JIN L,XIE L.Internet network security [J].Computer Engineering And Design,2003,24(2):19-22.
[2]MOY J.OSPF version 2.RFC 2328 [S].Fremont,CA:IETF,1998.
[3]MOY J T.OSPF:Anatomy of an Internet routing protocol[J].IEEE Network,1998,12(6):4.
[4]JAYAKUMAR M,REKHA N R S,BHARATHI B.A comparative study on RIP and OSPF protocols[C]∥Proceedings of International Conference on Innovations in Information,Embedded and Communication Systems.NJ:IEEE,2015:1-5.
[5]NAKIBLY G,KIRSHON A,GONIKMAN D,et al.Persistent OSPF attacks [C]∥Proceedings of the 19th Annual Network and Distributed System Security Symposium.San Diego:Internet Society,2012.
[6]JONES E,LE MOIGNE O.OSPF Security Vulnerabilities Analysis [S].2006.
[7]NAKIBLY G,KIRSHON A,GONIKMAN D,et al.Owning the Routing Table-New OSPF Attacks[C]∥Proceedings of Black Hat .USA:Black Hat,2011.
[8]夏云峰.基于OSPF路由协议的路由欺骗分析[D].南京:东南大学,2014.
[9]SONG Y,GAO S,HU A,et al.Novel attacks in OSPF networks to poison routing table[C]∥ICC 2017-2017 IEEE International Conference on Communications.IEEE,2017:1-6.
[10]KASAMSUWAN P,VISOOTTIVISETH V.OSV:OSPF vulnerability checking tool[C]∥Proceedings of International Joint Conference on Computer Science and Software Engineering.NJ:IEEE,2017:1-6.
[11]WANG M H.The Security Analysis and Attacks Detection of OSPF Routing Protocol[C]∥Proceedings of International Conference on Intelligent Computation Technology and Automation.NJ:IEEE,2015:836-839.
[12]MIJUMBI R,SERRAT J,GORRICHO J L,et al.Network Function Virtualization:State-of-the-art and Research Challenges[J].IEEE Communications Surveys & Tutorials,2017,18(1):236-262.
[13]MICHALSKI M,CIESLAK K,POLAK M.The system for large networks emulation with OSPF/BGP routers based on LXC[C]∥IEEE,International Conference on High PERFORMANCE Switching and Routing.IEEE,2016:1-4.
[14]BEMSTEIN D.Containers and Cloud:From LXC to Docker to Kubernetes[J].IEEE Cloud Computing,2015,1(3):81-84.
[15]JAKMA P,LAMPARTER D.Introduction to the quagga routing suite[J].IEEE Network,2014,28(2):42-48.
[16]DUMITRACHE C G,PREDUSCA G,CIRCIUMARESCU L D,et al.Comparative study of RIP,OSPF and EIGRPprotocols using Cisco Packet Tracer[C]∥Proceedings of International Symposium on Electrical and Electronics Engineering.NJ:IEEE,2017:1-6.

相关文章 15

[1]	柳杰灵, 凌晓波, 张蕾, 王博, 王之梁, 李子木, 张辉, 杨家海, 吴程楠. 基于战术关联的网络安全风险评估框架 Network Security Risk Assessment Framework Based on Tactical Correlation 计算机科学, 2022, 49(9): 306-311. https://doi.org/10.11896/jsjkx.210600171
[2]	王磊, 李晓宇. 基于随机洋葱路由的LBS移动隐私保护方案 LBS Mobile Privacy Protection Scheme Based on Random Onion Routing 计算机科学, 2022, 49(9): 347-354. https://doi.org/10.11896/jsjkx.210800077
[3]	陈晶, 吴玲玲. 多源异构环境下的车联网大数据混合属性特征检测方法 Mixed Attribute Feature Detection Method of Internet of Vehicles Big Datain Multi-source Heterogeneous Environment 计算机科学, 2022, 49(8): 108-112. https://doi.org/10.11896/jsjkx.220300273
[4]	赵冬梅, 吴亚星, 张红斌. 基于IPSO-BiLSTM的网络安全态势预测 Network Security Situation Prediction Based on IPSO-BiLSTM 计算机科学, 2022, 49(7): 357-362. https://doi.org/10.11896/jsjkx.210900103
[5]	陶礼靖, 邱菡, 朱俊虎, 李航天. 面向网络安全训练评估的受训者行为描述模型 Model for the Description of Trainee Behavior for Cyber Security Exercises Assessment 计算机科学, 2022, 49(6A): 480-484. https://doi.org/10.11896/jsjkx.210800048
[6]	杜鸿毅, 杨华, 刘艳红, 杨鸿鹏. 基于网络媒体的非线性动力学信息传播模型 Nonlinear Dynamics Information Dissemination Model Based on Network Media 计算机科学, 2022, 49(6A): 280-284. https://doi.org/10.11896/jsjkx.210500043
[7]	邓凯, 杨频, 李益洲, 杨星, 曾凡瑞, 张振毓. 一种可快速迁移的领域知识图谱构建方法 Fast and Transmissible Domain Knowledge Graph Construction Method 计算机科学, 2022, 49(6A): 100-108. https://doi.org/10.11896/jsjkx.210900018
[8]	吕鹏鹏, 王少影, 周文芳, 连阳阳, 高丽芳. 基于进化神经网络的电力信息网安全态势量化方法 Quantitative Method of Power Information Network Security Situation Based on Evolutionary Neural Network 计算机科学, 2022, 49(6A): 588-593. https://doi.org/10.11896/jsjkx.210200151
[9]	张师鹏, 李永忠. 基于降噪自编码器和三支决策的入侵检测方法 Intrusion Detection Method Based on Denoising Autoencoder and Three-way Decisions 计算机科学, 2021, 48(9): 345-351. https://doi.org/10.11896/jsjkx.200500059
[10]	周仕承, 刘京菊, 钟晓峰, 卢灿举. 基于深度强化学习的智能化渗透测试路径发现 Intelligent Penetration Testing Path Discovery Based on Deep Reinforcement Learning 计算机科学, 2021, 48(7): 40-46. https://doi.org/10.11896/jsjkx.210400057
[11]	李贝贝, 宋佳芮, 杜卿芸, 何俊江. DRL-IDS:基于深度强化学习的工业物联网入侵检测系统 DRL-IDS:Deep Reinforcement Learning Based Intrusion Detection System for Industrial Internet of Things 计算机科学, 2021, 48(7): 47-54. https://doi.org/10.11896/jsjkx.210400021
[12]	陈海彪, 黄声勇, 蔡洁锐. 一个基于智能电网的跨层路由的信任评估协议 Trust Evaluation Protocol for Cross-layer Routing Based on Smart Grid 计算机科学, 2021, 48(6A): 491-497. https://doi.org/10.11896/jsjkx.201000169
[13]	王金恒, 单志龙, 谭汉松, 王煜林. 基于遗传优化PNN神经网络的网络安全态势评估 Network Security Situation Assessment Based on Genetic Optimized PNN Neural Network 计算机科学, 2021, 48(6): 338-342. https://doi.org/10.11896/jsjkx.201200239
[14]	张凯, 刘京菊. 基于吸收Markov链的网络入侵路径分析方法 Attack Path Analysis Method Based on Absorbing Markov Chain 计算机科学, 2021, 48(5): 294-300. https://doi.org/10.11896/jsjkx.200700108
[15]	陈明豪, 祝跃飞, 芦斌, 翟懿, 李玎. 基于Attention-CNN的加密流量应用类型识别 Classification of Application Type of Encrypted Traffic Based on Attention-CNN 计算机科学, 2021, 48(4): 325-332. https://doi.org/10.11896/jsjkx.200900155

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed