Abstract

Inter-domain routing systems based on BGP (Border Gateway Protocol) play an important role in the Internet. However, BGP has certain design flaws, which result in many serious security problems for inter-domain routing systems. Compared to traditional attacks, such as prefix hijacking, large-scale LDoS attacks against inter-domain routing systems are extremely hard to detect, because their attack traffic and the reactions they trigger appear to be legitimate. The concealment of such attacks makes existing security solutions insufficient. In this paper, we first analyze the feasibility of utilizing similarity theory for assessing the security situation in inter-domain routing systems. We then propose a similarity-theory-based method for evaluating the security situation in inter-domain routing systems. It uses multiple characteristics to describe the system security situation collectively and evaluates the security situation by measuring the degree to which the security characteristics deviate from their norms. Because the ability of each characteristic to represent different attacks is not the same, we make use of weighted similarity to assess the deviation of the fused characteristics from their normal state at various times. Experimental results show that our method can perceive threats in their early stages, regardless of whether an inter-domain routing system is suffering from control plane attacks or data plane attacks.
