Method for BGP-LDoS Attack Detection of Inter Domain Routing System Based on the Theory of Catastrophe Equilibrium State
Cite as: MIAO Fu, ZHANG Lian-Cheng, GUO Yi, WANG Yu and WANG Zhen-Xing. Method for BGP-LDoS Attack Detection of Inter Domain Routing System Based on the Theory of Catastrophe Equilibrium State[J]. Journal of Software, 2018, 29(12): 3853-3867.
Authors: MIAO Fu, ZHANG Lian-Cheng, GUO Yi, WANG Yu and WANG Zhen-Xing
Affiliation: The PLA Information Engineering University, Zhengzhou 450001, China, The PLA Information Engineering University, Zhengzhou 450001, China, The PLA Information Engineering University, Zhengzhou 450001, China; Institute of Cyberspace and Network Science, Tsinghua University, Beijing 100084, China, Henan University of Engineering, Zhengzhou 450007, China and The PLA Information Engineering University, Zhengzhou 450001, China
Funding: National Natural Science Foundation of China (61402525, 61402526); National High Technology Research and Development Program of China (863 Program) (2012AA012902)
Abstract: The inter-domain routing system is a key infrastructure of the Internet. A large-scale low-rate denial of service attack against BGP sessions (BGP-LDoS) can trigger a wide range of cascading failures and cause the overall paralysis of the inter-domain routing system. Existing protection mechanisms and detection methods are not effective against this type of threat, a large-scale low-rate traffic congestion attack that originates in the system's data plane. To tackle the issue, this paper analyzes the state catastrophe process of the inter-domain routing system under BGP-LDoS attack, and then proposes a BGP-LDoS attack detection method based on the equilibrium state of the catastrophe theory (ESCT). Flow periodicity characteristics, routing session characteristics and the volume of forwarded packets are chosen as the detection features. Based on these features, the catastrophe model is selected and the corresponding state variables and control variables are determined. Using collected historical data as training samples, the catastrophe function is trained in order to define the equilibrium surface for the system's normal and failure states. The trained cusp catastrophe model is then used to monitor the running state of the system, and an attack is detected by using the bifurcation set function to judge whether the system jumps from the normal state to the failure state. The experimental results show that the ESCT method achieves good BGP-LDoS detection capability while monitoring only a few key links and nodes in the system. It can also provide a reliable reference for the network administrator to detect and respond to attacks in advance.
Keywords: catastrophe theory; inter-domain routing; low-rate denial of service; attack detection; network security
Received: 2017/1/17
Revised: 2017/3/10