基于信誉的域间路由选择机制的研究与实现

doi:10.11959/j.issn.1000-436x.2023114

Abstract

Abstract:

To solve the problem of lack of validation for exchanging messages in BGP, a inter-domain routing mechanism, which consisted of a reputation evaluation mechanism and a reputation-based BGP optimal routing algorithm, was proposed.The reputation evaluation mechanism used a distributed autonomous system (AS) alliance architecture, which divided node routing behavior in detail.The service domain and observation weight were used as indicators to quantify the impact of node behavior.By designing a feedback mechanism, the reputation value not only reflected the good and bad of nodes, but also reflected the node’s resistance to malicious attacks.The reputation-based BGP routing selection algorithm adds a “security” policy to the existing routing selection algorithm by filtering routes containing low-reputation nodes and selecting the best route among high reputation routes.The experimental results show that the proposed mechanism outperform most existing reputation mechanisms by avoiding routes with vulnerable nodes and restraining the propagation of illegal routes, thereby providing a more secure inter-domain routing environment.

Key words: border gateway protocol, reputation mechanism, routing selection mechanism, network security

CLC Number:

TP393

Shiqi ZHAO, Xiaohong HUANG, Zhigang ZHONG. Research and implementation of reputation-based inter-domain routing selection mechanism[J]. Journal on Communications, 2023, 44(6): 47-56.

Figures/Tables 12

References 24

[1]	REKHTER Y , LI T , HARES S . A border gateway protocol 4(BGP-4)[S]. Internet Engineering Task Force (IETF) RFC 4271, 2006.
[2]	王娜, 杜学绘, 王文娟 ,等. 边界网关协议安全研究综述[J]. 计算机学报, 2017,40(7): 1626-1648.
	WANG N , DU X H , WANG W J ,et al. A survey of the border gateway protocol security[J. Chinese Journal of Computers, 2017,40(7): 1626-1648.
[3]	HUDAIB A A Z , HUDAIB E A Z . DNS advanced attacks and analysis[J]. International Journal of Computer Science and Security (IJCSS), 2014,8(2): 63.
[4]	MIRKOVIC J , REIHER P . A taxonomy of DDoS attack and DDoS defense mechanisms[J]. ACM SIGCOMM Computer Communication Review, 2004,34(2): 39-53.
[5]	CONTI M , DRAGONI N , LESYK V . A survey of man in the middle attacks[J]. IEEE Communications Surveys ＆ Tutorials, 2016,18(3): 2027-2051.
[6]	HUSTON G , MICHAELSON G . Validation of route origination using the resource certificate public key infrastructure (PKI) and route origin authorizations (ROAs)[S]. Internet Engineering Task Force (IETF) RFC 6483, 2012.
[7]	KENT S , LYNN C , SEO K . Secure border gateway protocol (S-BGP)[C]// Proceedings of IEEE Journal on Selected Areas in Communications. Piscataway:IEEE Press, 2002: 582-592.
[8]	WHITE R . Architecture and deployment considerations for secure origin BGP (soBGP)[R]. 2006.
[9]	WHITE R . Securing BGP through secure origin BGP (soBGP)[J]. Business Communications Review, 2003,33(5): 47.
[10]	LEPINSKI M , SRIRAM K . BGPsec protocol specification[S]. Internet Engineering Task Force (IETF) RFC 8205, 2017.
[11]	LYCHEV R , GOLDBERG S , SCHAPIRA M . BGP security in partial deployment[J]. ACM SIGCOMM Computer Communication Review, 2013,43(4): 171-182.
[12]	CHUNG T , ABEN E , BRUIJNZEELS T ,et al. RPKI is coming of age:a longitudinal study of RPKI deployment and invalid route origins[C]// Proceedings of the Internet Measurement Conference. New York:ACM Press, 2019: 406-419.
[13]	GILAD Y , COHEN A , HERZBERG A ,et al. Are we there yet? on RPKI’s deployment and security[C]// Proceedings of 2017 Network and Distributed System Security Symposium. Reston:Internet Society, 2017: 1-16.
[14]	BATTISTA G D , REFICE T , RIMONDINI M . How to extract BGP peering information from the Internet routing registry[C]// Proceedings of the 2006 SIGCOMM Workshop on Mining Network Data. New York:ACM Press, 2006: 317-322.
[15]	GOODELL G , AIELLO W , GRIFFIN T ,et al. Working around BGP:an incremental approach to improving security and accuracy in interdomain routing[C]// Proceedings of the Network and Distributed System Security Symposium. Saarland:DBLP, 2003: 1-11.
[16]	MITSEVA A , PANCHENKO A , ENGEL T . The state of affairs in BGP security:a survey of attacks and defenses[J]. Computer Communications, 2018,124: 45-60.
[17]	刘湘辉, 殷建平, 唐乐乐 ,等. 网络流量的有效测量方法分析[J]. 软件学报, 2003,14(2): 300-304.
	LIU X H , YIN J P , TANG L L ,et al. Analysis of efficient monitoring method for the network flow[J. Journal of Software, 2003,14(2): 300-304.
[18]	WANG N , WANG B Q . A reputation-based method to secure inter-domain routing[C]// Proceedings of 2013 IEEE 10th International Conference on High Performance Computing and Communications ＆2013 IEEE International Conference on Embedded and Ubiquitous Computing. Piscataway:IEEE Press, 2014: 1424-1429.
[19]	HU N , ZHU P D , ZOU P . Reputation mechanism for inter-domain routing security management[C]// Proceedings of 2009 Ninth IEEE International Conference on Computer and Information Technology. Piscataway:IEEE Press, 2009: 98-103.
[20]	LEE J Y , OH J C . Applications of social media and social network analysis[M]. Germany: Springer International Publishing, 2015.
[21]	NU X , WEI L , YOU L ,et al. A trust model for the inter-domain routing system[J]. Journal of Computer Research and Development, 2016,53(4): 845.
[22]	陈迪, 邱菡, 祝凯捷 ,等. 基于自治域协同的域间路由信誉模型[J]. 中国科学(信息科学), 2021,51(9): 1540-1558.
	CHEN D , QIU H , ZHU K J ,et al. An inter-domain routing reputation model based on autonomous domain collaboration[J. Scientia Sinica (Informationis), 2021,51(9): 1540-1558.
[23]	KONTE M , PERDISCI R , FEAMSTER N . ASwatch:an AS reputation system to expose bulletproof hosting ASes[C]// Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication. New York:ACM Press, 2015: 625-638.
[24]	FILSFILS C , MICHIELSEN K , TALAULIKAR K . Segment routing详解 (第一卷)[M]. 苏远超,蒋治春,译. 北京: 人民邮电出版社, 2017.
	FILSFILS C , MICHIELSEN K , TALAULIKAR K . Segment routing part I[M. Translated by SU Y C,JIANG Z C. Beijing: Posts ＆ Telecom Press, 2017.

Metrics

Recommended 0

No Suggested Reading articles found!

行为模式	定义
合法路由宣告	节点宣告了属于本自治域的前缀
前缀劫持	节点宣告了不属于本自治域的前缀
路径劫持	节点通过篡改路由更新报文的 AS_PATH 属性伪造了路由，并将伪造的路由转发给了其他节点
非法路由转发	节点转发了来自攻击者的路由，如转发了被劫持前缀的路由，或转发了伪造的路由
合法路由转发	节点进行了路由转发，且路由并不来自攻击者

参数	值
α	0.5
β	0.5
γ	1.0
ρ	2.0
ω	1.0
τ	1.0
σ	0.367 9
初始全局信誉	0.800 0

路由选择机制	非法路由占比	感染路径占比
机制1	3.075‰	8.543‰
机制2	2.571‰	4.307‰

Research and implementation of reputation-based inter-domain routing selection mechanism

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 12

References 24

Related Articles 15

Metrics

Recommended 0

[1]	Haiyan KANG, Molan LONG. Research on network attack analysis method based on attack graph of absorbing Markov chain [J]. Journal on Communications, 2023, 44(2): 122-135.
[2]	Hongbin ZHANG, Yan YIN, Dongmei ZHAO, Bin LIU. Network security situational awareness model based on threat intelligence [J]. Journal on Communications, 2021, 42(6): 182-194.
[3]	Tengfei ZHANG, Shunzheng YU. Research prospects of user information detection from encrypted traffic of mobile devices [J]. Journal on Communications, 2021, 42(2): 154-167.
[4]	Xu CHENG, Yingying WANG, Nianjie ZHANG, Zhangjie FU, Beijing CHEN, Guoying ZHAO. Multi-level loss object tracking adversarial attack method based on spatial perception [J]. Journal on Communications, 2021, 42(11): 242-254.
[5]	Tao HUANG, Jiang LIU, Shuo WANG, Chen ZHANG, Yunjie LIU. Survey of the future network technology and trend [J]. Journal on Communications, 2021, 42(1): 130-150.
[6]	Zhiyong LUO,Xu YANG,Jiahui LIU,Rui XU. Network intrusion intention analysis model based on Bayesian attack graph [J]. Journal on Communications, 2020, 41(9): 160-169.
[7]	Hanxun ZHOU,Chen CHEN,Runze FENG,Junkun XIONG,Hong PAN,Wei GUO. Mobile malware traffic detection approach based on value-derivative GRU [J]. Journal on Communications, 2020, 41(1): 102-113.
[8]	JIANG Lyu,ZHANG Hengwei,WANG Jindong. Optimal strategy selection method for moving target defense based on signaling game [J]. Journal on Communications, 2019, 40(6): 128-137.
[9]	Zhiyong LUO, Xu YANG, Guanglu SUN, Zhiqiang XIE, Jiahui LIU. Finite automaton intrusion tolerance system model based on Markov [J]. Journal on Communications, 2019, 40(10): 79-89.
[10]	Shirui HUANG,Hengwei ZHANG,Jindong WANG,Ruiyu DOU. Network security threat warning method based on qualitative differential game [J]. Journal on Communications, 2018, 39(8): 29-36.
[11]	Xiaodong ZANG,Jian GONG,Xiaoyan HU. Detecting malicious domain names based on AGD [J]. Journal on Communications, 2018, 39(7): 15-25.
[12]	Hui LIN,Mengyang YU,Youliang TIAN,Yijie HUANG. Dynamic game and reliable recommendation based transferring reputation mechanism for mobile cloud computing [J]. Journal on Communications, 2018, 39(5): 85-93.
[13]	Le-yi SHI,Hui SUN,Yu-wen CUI,Hong-bin GUO,Jian-lan LI. Web plug-in paradigm for anti-DoS attack based on end hopping [J]. Journal on Communications, 2017, 38(Z1): 19-24.
[14]	Tao WANG,Hong-chang CHEN,Guo-zhen CHENG. Research on software-defined network and the security defense technology [J]. Journal on Communications, 2017, 38(11): 133-160.
[15]	Tao YIN,Shi-cong LI,Yu-peng TUO,Yong-zheng ZHANG. Modeling and countermeasures of a social network-based botnet with strong destroy-resistance [J]. Journal on Communications, 2017, 38(1): 97-105.