Computer Science ›› 2019, Vol. 46 ›› Issue (6A): 343-347.

• Information Security • Previous Articles     Next Articles

NFV Based Detection Method Against Double LSAs Attack on OSPF Protocol

LI Peng-fei, CHEN Ming, DENG Li, QIAN Hong-yan   

  1. Department of Computer Science and Technology,Nanjing University of Aeronautics and Astronautics,Nanjing 211106,China
  • Online:2019-06-14 Published:2019-07-02

Abstract: The OSPF protocol is one of the most widely used and successful interior gateway routing protocols in the Internet.Although there have been lots of investigations on the security of the OSPF protocol,there is still a lack of effective detection methods against the route spoofing attacks,so it is difficult to ensure the security of the OSPF routing in networks.By studying the principle of the double link state advertisements (LSAs) attack on the OSPF protocol,this paper presented three necessary conditions that are used to detect the attack,and proposed a detection method against the double LSAs attack on the OSPF protocol.Then,a corresponding detection middle box and analysis server used to detect attacks and clear up their routing pollution were designed and implemented based on the network function virtualization (NFV) technology.The detection middle box is responsible for capturing relevant OSPF packets from various links,sending the trace records to the analysis server,and receiving instructions from the analysis server to restore the polluted routes.The analysis server invokes the detection algorithm to analyze and process the trace record stream,and an alarm is given and an instruction is sent to the detection middle box to restore the contaminated routes if an attack is detected.The experimental results of the prototype show that the proposed method can detect the OSPF double LSAs attack in both IP networks or NFV networks accurately and efficiently,and the prototype has excellent characteristics such as high cost performance and easy to deploy.

Key words: OSPF, Routing protocol attack, Network security, Network function virtualization, Detection method

CLC Number: 

  • TP393
[1] JIN L,XIE L.Internet network security [J].Computer Engineering And Design,2003,24(2):19-22.
[2] MOY J.OSPF version 2.RFC 2328 [S].Fremont,CA:IETF,1998.
[3] MOY J T.OSPF:Anatomy of an Internet routing protocol[J].IEEE Network,1998,12(6):4.
[4] JAYAKUMAR M,REKHA N R S,BHARATHI B.A comparative study on RIP and OSPF protocols[C]∥Proceedings of International Conference on Innovations in Information,Embedded and Communication Systems.NJ:IEEE,2015:1-5.
[5] NAKIBLY G,KIRSHON A,GONIKMAN D,et al.Persistent OSPF attacks [C]∥Proceedings of the 19th Annual Network and Distributed System Security Symposium.San Diego:Internet Society,2012.
[6] JONES E,LE MOIGNE O.OSPF Security Vulnerabilities Analysis [S].2006.
[7] NAKIBLY G,KIRSHON A,GONIKMAN D,et al.Owning the Routing Table-New OSPF Attacks[C]∥Proceedings of Black Hat .USA:Black Hat,2011.
[8] 夏云峰.基于OSPF路由协议的路由欺骗分析[D].南京:东南大学,2014.
[9] SONG Y,GAO S,HU A,et al.Novel attacks in OSPF networks to poison routing table[C]∥ICC 2017-2017 IEEE International Conference on Communications.IEEE,2017:1-6.
[10] KASAMSUWAN P,VISOOTTIVISETH V.OSV:OSPF vulnerability checking tool[C]∥Proceedings of International Joint Conference on Computer Science and Software Engineering.NJ:IEEE,2017:1-6.
[11] WANG M H.The Security Analysis and Attacks Detection of OSPF Routing Protocol[C]∥Proceedings of International Conference on Intelligent Computation Technology and Automation.NJ:IEEE,2015:836-839.
[12] MIJUMBI R,SERRAT J,GORRICHO J L,et al.Network Function Virtualization:State-of-the-art and Research Challenges[J].IEEE Communications Surveys & Tutorials,2017,18(1):236-262.
[13] MICHALSKI M,CIESLAK K,POLAK M.The system for large networks emulation with OSPF/BGP routers based on LXC[C]∥IEEE,International Conference on High PERFORMANCE Switching and Routing.IEEE,2016:1-4.
[14] BEMSTEIN D.Containers and Cloud:From LXC to Docker to Kubernetes[J].IEEE Cloud Computing,2015,1(3):81-84.
[15] JAKMA P,LAMPARTER D.Introduction to the quagga routing suite[J].IEEE Network,2014,28(2):42-48.
[16] DUMITRACHE C G,PREDUSCA G,CIRCIUMARESCU L D,et al.Comparative study of RIP,OSPF and EIGRPprotocols using Cisco Packet Tracer[C]∥Proceedings of International Symposium on Electrical and Electronics Engineering.NJ:IEEE,2017:1-6.
[1] SU Chang, ZHANG Ding-quan, XIE Xian-zhong, TAN Ya. NFV Memory Resource Management in 5G Communication Network [J]. Computer Science, 2020, 47(9): 246-251.
[2] BAI Xue, Nurbol and WANG Ya-dong. Map Analysis for Research Status and Development Trend on Network Security Situational Awareness [J]. Computer Science, 2020, 47(6A): 340-343.
[3] BAI Wei, PAN Zhi-song, XIA Shi-ming, CHENG Ang-xuan. Network Security Configuration Generation Framework Based on Genetic Algorithm Optimization [J]. Computer Science, 2020, 47(5): 306-312.
[4] WEI De-bin,YANG Peng,YANG Li,SHI Huai-feng. Virtual Network Function Fast Mapping Algorithm over Satellite Network [J]. Computer Science, 2020, 47(3): 248-254.
[5] LIU Hai-bo,WU Tian-bo,SHEN Jing,SHI Chang-ting. Advanced Persistent Threat Detection Based on Generative Adversarial Networks and Long Short-term Memory [J]. Computer Science, 2020, 47(1): 281-286.
[6] ZHANG Jie-hui, PAN Chao, ZHANG Yong. Network System Risk Assessment Model with Optimal Weights [J]. Computer Science, 2019, 46(6): 148-152.
[7] FU Ze-qiang, WANG Xiao-feng, KONG Jun. High-performance Association Analysis Method for Network Security Alarm Information [J]. Computer Science, 2019, 46(5): 116-121.
[8] ZHAO Meng-yao, LI Xiao-yu. Bidirectional Anonymous Secret Communication Protocol Based on Onion Routing [J]. Computer Science, 2019, 46(4): 164-171.
[9] XUE Hao, CHEN Ming, QIAN Hong-yan. NFV-based Mechanism to Guard Against UDP Control Packet Redundancy in SDN Controller [J]. Computer Science, 2019, 46(10): 135-140.
[10] ZHU Jiang, CHEN Sen. Network Security Situation Prediction Method Based on NAWL-ILSTM [J]. Computer Science, 2019, 46(10): 161-166.
[11] GENG Hai-jun. Intra-domain Routing Protection Scheme by Optimizing Link Weight [J]. Computer Science, 2019, 46(1): 143-147.
[12] CHEN Jin-yin,XU Xuan-yan,SU Meng-meng. Research on Network Attack Detection Based on Self-adaptive Immune Computing [J]. Computer Science, 2018, 45(6A): 364-370.
[13] LIU Jing-wei, LIU Jing-ju, LU Yu-liang, YANG Bin, ZHU Kai-long. Optimal Defense Strategy Selection Method Based on Network Attack-Defense Game Model [J]. Computer Science, 2018, 45(6): 117-123.
[14] MA Zhan-fei, CHEN Hu-nian, YANG Jin, LI Xue-bao and BIAN Qi. Novel Network Intrusion Detection Method Based on IPSO-SVM Algorithm [J]. Computer Science, 2018, 45(2): 231-235.
[15] CHEN Wei-peng, AO Zhi-gang, GUO Jie, YU Qin, TONG Jun. Research on Cyberspace Situation Awareness Security Assessment Based on Improved BP Neural Network [J]. Computer Science, 2018, 45(11A): 335-337.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
[1] LEI Li-hui and WANG Jing. Parallelization of LTL Model Checking Based on Possibility Measure[J]. Computer Science, 2018, 45(4): 71 -75 .
[2] SUN Qi, JIN Yan, HE Kun and XU Ling-xuan. Hybrid Evolutionary Algorithm for Solving Mixed Capacitated General Routing Problem[J]. Computer Science, 2018, 45(4): 76 -82 .
[3] ZHANG Jia-nan and XIAO Ming-yu. Approximation Algorithm for Weighted Mixed Domination Problem[J]. Computer Science, 2018, 45(4): 83 -88 .
[4] WU Jian-hui, HUANG Zhong-xiang, LI Wu, WU Jian-hui, PENG Xin and ZHANG Sheng. Robustness Optimization of Sequence Decision in Urban Road Construction[J]. Computer Science, 2018, 45(4): 89 -93 .
[5] SHI Wen-jun, WU Ji-gang and LUO Yu-chun. Fast and Efficient Scheduling Algorithms for Mobile Cloud Offloading[J]. Computer Science, 2018, 45(4): 94 -99 .
[6] ZHOU Yan-ping and YE Qiao-lin. L1-norm Distance Based Least Squares Twin Support Vector Machine[J]. Computer Science, 2018, 45(4): 100 -105 .
[7] LIU Bo-yi, TANG Xiang-yan and CHENG Jie-ren. Recognition Method for Corn Borer Based on Templates Matching in Muliple Growth Periods[J]. Computer Science, 2018, 45(4): 106 -111 .
[8] GENG Hai-jun, SHI Xin-gang, WANG Zhi-liang, YIN Xia and YIN Shao-ping. Energy-efficient Intra-domain Routing Algorithm Based on Directed Acyclic Graph[J]. Computer Science, 2018, 45(4): 112 -116 .
[9] CUI Qiong, LI Jian-hua, WANG Hong and NAN Ming-li. Resilience Analysis Model of Networked Command Information System Based on Node Repairability[J]. Computer Science, 2018, 45(4): 117 -121 .
[10] WANG Zhen-chao, HOU Huan-huan and LIAN Rui. Path Optimization Scheme for Restraining Degree of Disorder in CMT[J]. Computer Science, 2018, 45(4): 122 -125 .