基于信任量化的自治系统恶意性判定

计算机科学 ›› 2014, Vol. 41 ›› Issue (Z6): 357-360.

基于信任量化的自治系统恶意性判定

王禹,王振兴,张连成,郭毅,孔亚洲

数学工程与先进计算国家重点实验室郑州450002;数学工程与先进计算国家重点实验室郑州450002;数学工程与先进计算国家重点实验室郑州450002;数学工程与先进计算国家重点实验室郑州450002;数学工程与先进计算国家重点实验室郑州450002

出版日期:2018-11-14 发布日期:2018-11-14
基金资助:
本文受国家863计划项目(2009AA01A334,8AA01A323,8AA01A326)资助

Decision for Autonomous System Maliciousness Based on Quantitative Trust Measurement

WANG Yu,WANG Zhen-xing,ZHANG Lian-cheng,GUO Yi and KONG Ya-zhou

Online:2018-11-14 Published:2018-11-14

摘要/Abstract

摘要： 鉴于当前域间路由系统未能有效解决自治系统节点的行为恶意性判定问题,论文在研究人际网络信任关系的基础上,提出一种基于信任量化的自治系统恶意性判定模型。模型通过定义直接判定、协作判定及配合度3项判定准则,综合分析及量化目标自治域的路由交互行为,同时定义节点参与度作为最终判定结果的放大因子。基于仿真路由拓扑进行验证,结果表明,在面对典型的路由欺骗、服务受限及协作节点误报的情况下,该模型均能够有效识别和判定目标自治域节点的恶意行为,具备较好准确性和稳定性。

关键词: 域间路由系统,自治系统,信任量化,恶意性判定中图法分类号TP393文献标识码A

Abstract: Decision for Autonomous System maliciousness has not been effectively resolved within the current inter-domain routing system．On the basis of the research on trust relationship via the human society networks,a model of decision for the Autonomous System maliciousness based on the quantitative trust measurement is proposed．Three criteria including direct decision,collaborative decision and degree of coordination are defined,on which the comprehensive analysis and quantization towards the interactive routing behaviors of target Autonomous System,and the degree of participation is also defined as the amplifying factor．Experiments based on simulation topology is launched and the result indicates that,under the typical circumstances of routes spoofing,services restriction and intended incorrect decision by collaborative Autonomous System,the model can effectively discriminate and make reasonable decisions to the target malicious behavior,with good accuracy and stability.

Key words: Inter-domain routing system,Autonomous system,Quantitative trust measurement,Maliciousness decision

王禹,王振兴,张连成,郭毅,孔亚洲. 基于信任量化的自治系统恶意性判定[J]. 计算机科学, 2014, 41(Z6): 357-360. https://doi.org/

WANG Yu,WANG Zhen-xing,ZHANG Lian-cheng,GUO Yi and KONG Ya-zhou. Decision for Autonomous System Maliciousness Based on Quantitative Trust Measurement[J]. Computer Science, 2014, 41(Z6): 357-360. https://doi.org/

参考文献

[1] Butler K T,Farley R,McDaniel P,et al．A survey of BGP security issues and solutions[J]．Proceedings of the IEEE,2010,98(1):100-122
[2] 王娜,智英建,张建辉,等．一个基于身份的安全域间路由协议[J]．软件学报,2009,20(12):3223-3239
[3] Oorschot P C,Wan T,Kranakis E．On interdomain routing security and pretty secure BGP (psBGP)[J]．ACM Transactions on Information and System Security (TISSEC),2007,10(3):11-25
[4] 胡乔林,孙一品,苏金树．BAR-BGP:基于备份通告和恢复转发的可靠域间路由[J]．计算机研究与发展,2011,48(12):2242-2252
[5] Lad M,Massey D,Pei D,et al．PHAS:a prefix hijack alert system[C]∥Proceedings of the 15th USENIX Security Symposium．Vancouver,Canada,2006:108-119
[6] Schapira M,Zhu Y,Rexford J．Putting BGP on the right path:A case for next-hop routing[C]∥Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks．Monterey,CA,USA,2010:1-6
[7] RIPE．Ripe’s MyASN[EB/OL]．http://www.ris.ripe.net /myasn.html,2011-05-01/2013-04-22
[8] 刘欣,王小强,朱培栋,等．互联网域间路由系统安全态势评估[J]．计算机研究与发展,2009,46(10):1669-1677
[9] 郭毅,王振兴,程东年．基于博弈的域间路由协同监测激励策略[J]．中国科学,2012,42(7):803-814
[10] Shen Y,Bi J,Wu J P,et al．A two-level source address spoofing prevention based on automatic signature and verification mechanism[C]∥Proceedings of the IEEE symposium on computers and communications．Tarrytown,NY,USA,2008:392-397
[11] Ning H,Peidong Z,Peng Z．Reputation Mechanism for Inter-domain Routing Security Management[C]∥Proceedings of the 9th International Conference on Computer and Information Techno-logy．Xiamen,China,2009:98-103
[12] 李峰,申利民,司亚利,等．一种基于实体上下文和时间戳的信任预测模型[J]．电子与信息学报,2011,33(5):1217-1223

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed