Inter-domain routing system mimicry protection method based on AS security alliance

An alliance-based security technique, applied in the field of Internet security, that addresses problems such as the difficulty of effectively preventing BGP-LDoS attacks, link congestion, and the exhaustion of router computing and storage resources. Probability, Effects of Increased Cost and Complexity

Active Publication Date: 2017-12-08
深圳市零伍贰陆科技有限公司

AI Technical Summary

Problems solved by technology

However, these solutions mainly address BGP's lack of a secure and trusted route authentication mechanism: they ensure the authenticity and integrity of routing information as it propagates, preventing security problems such as prefix hijacking, route leakage, and path forgery. They cover only the control plane of the inter-domain routing system.
The BGP-LDoS attack is mainly an attack on the data plane of the inter-domain routing system: large-scale link congestion causes the nodes in the inter-domain routing system to communicate repeatedly, generating a huge number of routing update messages, which exhausts the routers' computing and storage resources and paralyzes the inter-domain routing system.
Therefore, the existing methods have difficulty effectively preventing BGP-LDoS attacks.

Examples

Embodiment Construction

[0030] This application is described in detail below with reference to Figure 1 and Figure 2.

[0031] As shown in Figure 1, an AS alliance T is established in AS1 and AS10. After the alliance is formed, the nodes select 10 as the AC according to their processing capabilities and connection relationships. The other ASs send their connection relationships to the AC. From the connection relationships of the nodes, the AC determines the set of 4 external nodes {A, B, C, D} connected to the alliance. Through analysis, the AC obtains the actual paths of this node set through the alliance: A 1 4 3 7 9 B, C 1 4 5 8 D, and B 9 7 3 D.

[0032] The AC acts according to the size of the security threat. If the threat is small, the AC can keep the original actual path unchanged. If the threat is greater, the AC calculates the k shortest paths through the alliance for all external nodes. For example, for C and D, the other two shortest paths are C 1 2 5 8 D and C 1 2 10 8 D respectively. One of the paths is randomly adopted as th...
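
The AC decision described in [0031] and [0032], as an added example that is not part of the patent text. Assumptions: Figure 1 is not available, so the alliance links are inferred from the quoted paths; the ingress and egress alliance nodes of the current path are held fixed so that the path looks unchanged from outside; a plain hop-count search stands in for the genetic algorithm named in the abstract; `threat_high`, `k` and `choice` are hypothetical parameters.

```python
import heapq
import secrets

# Constructed topology: alliance-internal links inferred from the paths
# quoted in [0031] and [0032] (Figure 1 itself is not on the page).
ALLIANCE_LINKS = [(1, 2), (1, 4), (2, 5), (2, 10), (3, 4), (3, 7),
                  (4, 5), (5, 8), (7, 9), (8, 10)]


def build_adjacency(links):
    """Undirected adjacency map built from the link list reported to the AC."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def k_shortest_paths(adj, ingress, egress, k):
    """Return up to k loop-free paths, fewest hops first (best-first search)."""
    found, frontier = [], [(0, [ingress])]
    while frontier and len(found) < k:
        hops, path = heapq.heappop(frontier)
        if path[-1] == egress:
            found.append(path)
            continue
        for nxt in sorted(adj[path[-1]]):
            if nxt not in path:          # keep paths simple (no loops)
                heapq.heappush(frontier, (hops + 1, path + [nxt]))
    return found


def choose_internal_path(adj, current, threat_high, k=3, choice=secrets.choice):
    """AC decision: keep the path under low threat, otherwise re-draw it."""
    if not threat_high:
        return current
    inner = current[1:-1]                # strip the external endpoints
    candidates = k_shortest_paths(adj, inner[0], inner[-1], k)
    # secrets.choice draws from the OS CSPRNG, so an observer cannot
    # predict the next internal path from earlier selections.
    picked = choice(candidates)
    return [current[0], *picked, current[-1]]
```

With the current path `["C", 1, 4, 5, 8, "D"]`, the three candidates between alliance nodes 1 and 8 are exactly the C-to-D paths listed in [0031] and [0032].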

Abstract

The invention discloses a mimicry protection method for the inter-domain routing system based on an AS security alliance. It starts from an analysis of the basic principle and characteristics of the BGP-LDoS attack, in particular the precondition that precise target path selection and planning are needed before the attack is carried out. Borrowing the idea of mimicry security defense, AS nodes in the inter-domain routing system establish a security alliance. After the alliance is established, an AC is internally recommended as the control node; the alliance nodes report to the AC and share their connection relationships, the forwarding capacity of nodes and links, and resources such as link bandwidth; and the AC uses a genetic algorithm to obtain the k optimal paths by which nodes outside the alliance pass through the alliance. The actual communication path inside the alliance is then changed at random according to the security threat, and path adjustment and traffic shunting are performed according to the system implementation conditions and the resource constraints within the alliance. Because the actual path changes inside the alliance while the path appears unchanged from outside, dynamic defense against the BGP-LDoS attack is achieved.

Description

Technical field:

[0001] The invention relates to the field of Internet security, in particular to a mimicry protection method for an inter-domain routing system based on an AS security alliance.

Background technique:

[0002] The inter-domain routing system based on BGP (Border Gateway Protocol) is located at the control plane of the Internet. It is the basic mechanism for interconnecting different autonomous domains and exchanging network reachability information. It is also the main means by which network operators implement policy control, and it is a key infrastructure of the Internet. However, security was not considered when the inter-domain routing system was first designed, so its security problems have become increasingly prominent; attack methods against the inter-domain routing system are becoming more and more complex, and the damage they cause is far greater than that of traditional network attacks. Especially the r...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1458, H04L63/1466, H04L63/20
Inventor: 王禹苗甫魏涛张连成郭毅张宏涛曹琰张斌刘洋
Owner: 深圳市零伍贰陆科技有限公司