Computer Engineering and Applications ›› 2007, Vol. 43 ›› Issue (9): 131-135.

• Network, Communication and Security •

Design and Implementation of an Anomaly Detection Engine for the Inter-domain Routing System

Wang Xiaoqiang (王小强), Zhu Peidong (朱培栋), Deng Wenping (邓文平), Zhao Jianqiang (赵建强)

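  1. Student Team 5, School of Computer Science, National University of Defense Technology, Changsha, Hunan; National University of Defense Technology
  • Received: 2006-07-18 Revised: 1900-01-01 Published: 2007-03-21 Released: 2007-03-21
  • Corresponding author: Wang Xiaoqiang (王小强)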

Design and Implementation of Anomaly Detecting Engine for Inter-domain Routing System

  • Received:2006-07-18 Revised:1900-01-01 Online:2007-03-21 Published:2007-03-21

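Abstract: BGP is the de facto standard inter-domain routing protocol of the Internet, but routing anomalies can severely disrupt normal BGP protocol behavior. Inter-domain route monitoring uses existing network resources to inspect routing behavior; it scales well, is easy to deploy, requires no modification of existing protocols, and its results can be used to improve routing configuration. The anomaly detection engine is an important component of an inter-domain route monitoring system. This paper uses dynamic detection-chain generation to implement anomaly detection within a single view while improving the extensibility of detection types, and proposes an anomaly detection algorithm based on fast location of the related data set and a classified index of views, which improves the efficiency of multi-view detection. Experiments show that the detection engine is particularly capable at anomaly detection based on network topology and routing state, and detects multiple-origin (MOAS) conflicting routes well.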

Abstract: BGP is one of the most widely used inter-domain routing protocols today, but routing anomalies badly disturb normal protocol behavior. Because it makes use of existing network resources, monitoring of the inter-domain routing system does not require changes to any existing protocol, so it can be easily extended and deployed. The detection engine for BGP anomalies plays an important role in BGP route monitoring. We adopt a technique of dynamically forming detection chains to obtain good extensibility of detection types in a single view, and propose a BGP anomaly detection algorithm based on multiple views, which increases efficiency by locating the related result set and accelerating the search with an index of views. The experimental results show that the engine performs well in detection based on topology and routing state, and is effective at detecting MOAS conflicts.