
Computer Engineering, 2006, Vol. 32, Issue (18): 166-168. doi: 10.3969/j.issn.1000-3428.2006.18.060

• Security Technology •

Design and Implementation of Real-time Security Monitor System for Inter-domain Route

LI Kai (李凯), ZHU Peidong (朱培栋), LIU Gongjie (刘功杰)

  1. (School of Computer, National University of Defense Technology, Changsha 410073; National Laboratory for Modern Communications, Chengdu 610041)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2006-09-20 Published: 2006-09-20

Abstract: The inter-domain routing system is the infrastructure of the Internet and a critical support for the network, yet its inherent vulnerabilities give rise to many security problems. From the perspective of inter-domain routing monitoring, this paper designs and implements a real-time security monitoring system for inter-domain routing, based on a rule base of anomalous routing behavior and on traffic patterns. The system detects network traffic anomalies and illegal routes in real time and provides alert information to users. At the same time, it generates and maintains a BGP routing table from BGP UPDATE messages, preparing for monitoring methods based on routing table analysis. System experiments are presented and the system's performance is evaluated.

Key words: Inter-domain route system, BGP, Anomaly monitoring, Real-time, Rule base, Traffic pattern