Computer Science ›› 2014, Vol. 41 ›› Issue (8): 158-163. doi: 10.11896/j.issn.1002-137X.2014.08.035
杨斌,陆余良,杨国正,张亮
YANG Bin, LU Yu-liang, YANG Guo-zheng and ZHANG Liang
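Abstract: A clustering-based method for detecting path forgery is proposed. The method takes the set of changes between routing paths at adjacent time instants as the detection object and clusters the path change set according to the country to which each prefix address belongs. It introduces definitions of the AS link probability deviation of each changed autonomous system, the occurrence probability of intermediate countries, and the geographic deviation of intermediate countries. On this basis, path-level anomaly detection indicators are introduced, and these indicators are used together to detect path forgery anomalies in routing. Experiments on data from real path forgery events show that the detection method is more effective and feasible than previous detection methods.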