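Abstract: The inter-domain routing system is the basic infrastructure of the Internet and a key support of the network, yet its inherent vulnerability gives rise to many security problems. From the perspective of inter-domain routing monitoring, a real-time inter-domain routing security monitoring system is designed and implemented based on a rule base of anomalous routing behavior and on traffic patterns. The system detects network traffic anomalies and illegal routes in real time and provides alerts to users; it also generates and maintains a BGP routing table from BGP UPDATE messages, laying the groundwork for monitoring methods based on routing table analysis. System experiments are presented and the system's performance is evaluated.
Keywords: inter-domain routing system, BGP, anomaly monitoring, real-time, rule base, traffic pattern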
Abstract: The inter-domain routing system is a critical part of the global communications infrastructure. However, it has severe security problems because of its own vulnerability. From the perspective of inter-domain routing monitoring, this paper designs and implements a real-time security monitoring system based on anomalous behavior and traffic patterns. The system can detect traffic anomalies and illegal routes in real time. At the same time, a BGP route table is maintained based on UPDATE packets to prepare for further analysis. Finally, experiments are carried out to evaluate the system's capability.
Key words: Inter-domain route system, BGP, Anomaly monitoring, Real-time, Rule base, Traffic pattern
LI Kai; ZHU Peidong; LIU Gongjie. Design and Implementation of Real-time Security Monitor System for Inter-domain Route[J]. Computer Engineering, 2006, 32(18): 166-168.