针对域间路由中间人攻击这一域间路由安全面临的新威胁,建立攻击模型并分析其在路由控制平面和数据平面所产生的异常特征,进而提出一种域间路由中间人攻击的实时检测系统。该系统首先通过控制平面异常监控发现可疑的异常路由,之后进行数据平面转发路径探测以鉴别该异常是否为域间路由中间人攻击。实际网络部署的测试结果表明:该系统是轻量级的,并能实时有效地检测出可能的域间路由中间人攻击。
Abstract
Man-in-the-middle attacks have become a new serious threat to inter-domain routing. This paper presents a real-time system for detecting inter-domain routing man-in-the-middle attacks based on an analysis of a threat model and key features in the control plane and the data plane. The detection system first monitors the anomalous route in the control plane and then probes the data plane to identify the inter-domain routing man-in-the-middle attack. Internet tests show that the detection system is light-weight and effectively detects probable man-in-the-middle attacks in inter-domain routing in real time.
关键词
域间路由 /
前缀劫持 /
中间人攻击 /
检测
Key words
inter-domain routing /
prefix hijacking /
man-in-the-middle attack /
detection
{{custom_sec.title}}
{{custom_sec.title}}
{{custom_sec.content}}
参考文献
[1] 黎松, 诸葛建伟, 李星. BGP安全研究[J]. 软件学报, 2013, 24(1):121-138.Li S, Zhuge J W, Li X. Study on BGP security[J]. Ruanjian Xuebao/Journal of Software, 2013, 24(1):121-138.(in Chinese)
[2] Hiran R, Carlsson N, Gill P. Characterizing large-scale routing anomalies:A case study of the China Telecom incident[J]. Lecture Notes in Computer Science, 2013:229-238.
[3] Dyn Research. The new threat:Targeted internet traffic misdirection[EB/OL].(2013-11-19). http://research.dyn.com/2013/11/mitm-internet-hijacking.
[4] Dyn Research. Uk traffic diverted through Ukraine[EB/OL].(2015-3-13). http://research.dyn.com/2015/03/uk-traffic-diverted-ukraine.
[5] Hu X, Mao Z M. Accurate real-time identification of IP prefix hijacking[C]//Security and Privacy, 2007. Oakland, California, USA:IEEE, 2007:3-17.
[6] Zhang Z, Zhang Y, Hu Y C, et al. iSPY:Detecting IP prefix hijacking on my own[J]. IEEE/ACM Transactions on Networking(TON), 2010, 18(6):1815-1828.
[7] Xiang Y, Wang Z, Yin X, et al. Argus:An accurate and agile system to detecting IP prefix hijacking[C]//Proc 19th IEEE International Conf Network Protocols. Vancouver, BC, Canada:IEEE, 2011:43-48.
[8] Ballani H, Francis P, Zhang X. A study of prefix hijacking and interception in the internet[J]. ACM Sigcomm Computer Communication Review, 2007, 37(4):265-276.
[9] Zhang Y, Pourzandi M. Studying impacts of prefix interception attack by exploring BGP AS-PATH prepending[C]//Proc 32nd IEEE International Conf Distributed Computing Systems. Macau, China:IEEE, 2012:667-677.
[10] Zheng C, Ji L, Pei D, et al. A light-weight distributed scheme for detecting ip prefix hijacks in real-time[J]. ACM Sigcomm Computer Communication Review, 2007, 37(4):277-288.
[11] Zhao X, Pei D, Wang L, et al. An analysis of BGP multiple origin AS(MOAS) conflicts[C]//Proc 1st ACM SIGCOMM Workshop on Internet Measurement. San Francisco, California, USA:ACM, 2001:31-35.
[12] Colorado State University. Welcome to BGPmon[DB/OL].[2015-08-18] http://www.bgpmon.io.
[13] University of Oregon's Advanced Network Technology Center. University of oregon route views project[DB/OL].[2015-08-18] http://www.routeviews.org.
[14] Jared Mauch. Open DNS Resolver Project[DB/OL].[2015-08-18] http://openresolverproject.org.
[15] Madhyastha H V, Isdal T, Piatek M, et al. iPlane:An information plane for distributed services[C]//Proc 7th symposium on Operating systems design and implementation. Seattle, WA, USA:USENIX Association, 2006:367-380.
[16] China Education and Research Network Center. CERNET-中国教育和科研计算机网[EB/OL].[2015-08-18] http://www.edu.cn/cernet_fu_wu/.
[17] Gao L. On inferring autonomous system relationships in the Internet[J]. IEEE/ACM Transactions on Networking(ToN), 2001, 9(6):733-745.
[18] Center for Applied Internet Data Analysis. The caida ucsd as-relationships[DB/OL].[2015-08-01] http://data.caida.org/datasets/as-relationships/serial-1.
PDF(1290 KB)
