| 引用本文: |
-
刘自勉,邱菡,王瑞,朱俊虎,王清贤.BGP异常事件影响风险区域快速识别方法[J].信息安全学报,2025,10(2):103-115 [点击复制]
- LIU Zimian,QIU Han,WANG Rui,ZHU Junhu,WANG Qingxian.A Rapid Identification Method for Risk Areas Affected by BGP Anomalies[J].Journal of Cyber Security,2025,10(2):103-115 [点击复制]
|
|
| 摘要: |
| 域间路由网络是互联网的关键基础设施。由于域间路由网络的自适应机制,中断、攻击等BGP异常事件往往会引起级联效应,对网络正常运行带来巨大危害。面向异常响应的及时性需求,基于实时监测数据的BGP异常检测溯源方式存在滞后性,难以及时阻断异常传播。在事件初期识别可能受影响的风险区域可以在异常扩散前提供告警信息,支持提前进行有针对性的防护,降低异常的影响。然而现有识别影响风险区域的方法通常基于级联失效模型模拟异常传播过程,难以权衡识别准确率和识别速度。为此,提出一种BGP异常事件影响风险区域快速识别方法RRAI以适应大规模域间路由网络的需求。通过分析域间路由网络级联失效过程中节点和边的失效机制及相互作用原理,定义节点“风险度”用于识别易受当前异常区域影响的节点;针对初始异常节点位置分布的两类情况:集中式和分散式分布,分别提出针对单区域异常和多区域异常的风险区域识别算法,以初始异常区域为中心进行迭代式扩展,层层筛选风险较高的节点加入风险区域。考虑到现有方法的高复杂度,在小规模网络上与现有方法进行对比,实验结果表明,RRAI能在准确率提升的同时显著缩短运行时间。基于全球网络上的真实异常事件的实验结果表明,RRAI能够在10分钟以内有效预测所有受损程度高的节点,实现在大规模域间路由网络中快速识别风险区域。 |
| 关键词: 域间路由安全 BGP异常事件 级联失效 风险区域识别 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2025.03.07 |
| 投稿时间:2023-04-15修订日期:2023-07-07 |
| 基金项目:本论文得到河南省自然科学基金项目(No. 242300421415)资助。 |
|
| A Rapid Identification Method for Risk Areas Affected by BGP Anomalies |
|
LIU Zimian, QIU Han, WANG Rui, ZHU Junhu, WANG Qingxian
|
| (Institute of Cyberspace Security, PLA Strategic Support Force Information Engineering University, Zhengzhou 450001, China) |
| Abstract: |
| Inter-domain routing networks are the key infrastructure of the Internet. Due to the adaptive mechanism of inter-domain routing networks, BGP anomalies such as disruptions and attacks often cause cascading failures which bring great harm to network. To meet the demand for timely anomaly response, the BGP anomaly detection traceability method based on real-time monitoring data has a lag, making it difficult to block the propagation of anomalies in a timely manner. Identifying potentially impacted risk areas at the early stage of the anomalies can provide alert information before anomalies spread, which can help support targeted protection in advance to reduce the impact of anomalies. However, existing methods for identifying impact risk areas are often based on cascading failure models that simulate anomaly propagation processes, making it difficult to balance identification accuracy and speed in large-scale inter-domain routing networks. For this reason, a rapid method called RRAI is proposed to identify risk areas affected by BGP anomalies that can meet the realistic needs of large-scale inter-domain routing networks. Analyzing the failure mechanisms and interaction principles of nodes and edges in the cascading failure process of inter-domain routing networks, a metric called “risk degree” was defined for identifying nodes that are vulnerable to the current anomaly area. For two types of initial anomaly node location distributions: centralized and decentralized distributions, we propose risk area identification algorithms for single-area anomalies and multi-area anomalies, respectively. The initial abnormal area was used as the center for iterative expansion, and nodes with higher risk were added to the risk area by layer screening. Comparison with existing methods is based on small-scale networks due to the high complexity of existing methods. Results show that RRAI can reduce the runtime while improving accuracy significantly. Experimental results based on real anomalous events on global networks show that RRAI can effectively predict all highly impaired nodes in less than 10 minutes, thus enabling rapid identification of risk areas in large-scale inter-domain routing networks. |
| Key words: inter-domain routing security BGP anomalies cascading failure risk area identification |
