基于多特征的域间路由节点安全状态评估方法

域间路由节点安全状态评估能够实现对BGP节点安全状态的直观、实时描述,可为制定合理的安全策略,及时定位、抑制异常路由事件提供数据参考.然而由于完整的异常域间路由集难以获取,使得传统基于数据融合的状态评估方法不再适用.分析BGP节点间交互路由过程中存在的统计特征以及这些特征与域间路由节点安全状态的关系,进而提出一种基于多特征的安全状态评估方法.以平均路径长度和路由事件发生频率等属性为安全特征,并借鉴云模型理论转换定量特征为定性概念的思想,构建域间路由安全特征云,将正常态下的多属性综合安全特征转换为安全正常态,然后通过度量安全特征偏离正常态的程度来计算节点偏离正常态的程度,由此得到域间路由节点面临安全威胁的概率.实验结果表明,该方法能够实现对域间路由节点安全状态的评估,准确性高、实时性强,可为域间路由系统的安全稳定运行提供有力支撑.

A multi-characteristics-based method for evaluating the security situation of inter-domain routing nodes

The administrators of the AS（autonomous system） can develop a more rational strategy with the help of evaluating the secure state of the BGP（border gateway protocol） nodes. However, the existing fusion-based method is inapplicable because it needs an integrated set of abnormal inter-domain routes to ensure accurate results. In this paper, we first analyze the statistical characteristics existing in the process of exchanging routes between BGP nodes and the relationships between these characteristics, taking into account the security situation of a node. We then propose a multi-characteristics-based method for evaluating the security situation of inter- domain routing nodes that selects the average length of the routing path and the frequency of routing events as security characteristics, borrowing an idea from Cloud Model theory in transforming the values of quantitative characteristics to a qualitative concept. CSSAM, a security state awareness model, is proposed. It constructs a cloud model with a mass of numerical values of the security characteristics in the normal state, and then computes tile threat probability for the system, by measuring the degree of deviation of the security characteristics from their norms. The experimental results show that the method is capable of sensing the security situation of BGP nodes.