Abstract
The inter-domain routing system is a key infrastructure of the Internet. A large-scale low-rate denial-of-service attack against BGP sessions (BGP-LDoS) can trigger a wide range of cascading failures and paralyze the inter-domain routing system as a whole. Existing protection mechanisms and detection methods are not effective against this type of threat, which originates from the system's data plane as large-scale low-rate traffic congestion. To address this, the paper analyzes the state catastrophe process of the inter-domain routing system under BGP-LDoS attack and proposes a BGP-LDoS attack detection method based on the equilibrium state of the catastrophe theory (ESCT). Periodic flow characteristics, routing session characteristics, and the volume of forwarded packets are chosen as the detection features. Based on these features, the catastrophe model is selected and its state variables and control variables are determined. Collected historical data are then used as training samples to train the catastrophe function, which defines the equilibrium surface for the system's normal and failed states. The trained cusp catastrophe model monitors the running state of the system, and the bifurcation set function is used to judge whether the system jumps from the normal state to the failed state, which is how the attack is detected. Experimental results show that the ESCT method achieves strong BGP-LDoS detection capability while monitoring only a small number of key links and nodes, giving network administrators a reliable reference for detecting and responding to attacks early.
Authors
MIAO Fu; ZHANG Lian-Cheng; GUO Yi; WANG Yu; WANG Zhen-Xing (The PLA Information Engineering University, Zhengzhou 450001, China; Institute of Cyberspace and Network Science, Tsinghua University, Beijing 100084, China; Henan University of Engineering, Zhengzhou 450007, China)
Source
Journal of Software (《软件学报》)
Indexed in: EI; CSCD; Peking University Core Journals
2018, No. 12, pp. 3853-3867 (15 pages)
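Funding
National Natural Science Foundation of China (61402525, 61402526)
National High Technology Research and Development Program of China (863 Program) (2012AA012902)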
Keywords
catastrophe theory
inter-domain routing
low-rate denial of service
attack detection
network security