Reputation-Based Collaborative Management Method for Inter-Domain Routing Security

Abstract

如何抑制虚假路由的传播和恶意路由行为的发生,是域间路由安全管理的重要研究内容,对自治系统路由行为进行可信性评价和监督是其中的关键技术.设计了一种用于评价自治系统路由行为可信性的分布式协同信誉机制.该机制基于历史路由的有效性统计结果,采用后验概率分析的方法,由多个自治系统按照自组织协同的方式完成对目标自治系统的信誉计算,并将信誉计算结果作为度量该自治系统路由行为可信性的依据.实验结果表明,该机制能够抑制不良路由行为,有效提高域间路由系统的总体安全性,还能够为路由可信性分析和故障诊断提供依据,支持渐进式部署,;The main topic of inter-domain routing security management is how to suppress the propagation of untrustworthy routes and malicious routing behaviors. Supervising and evaluating autonomous system’s (AS)routing behaviors is a key technology in this topic. This paper designs a distributed collaborative reputation mechanism of trustworthiness evaluation for AS’s routing behaviors. The mechanism takes in the statistical results on routing trustworthiness published by AS, uses a self-organizing method, employs posterior probability analysis,and finally calculates a reputation score for a particular AS. The score will be used as a metric on the trustworthiness of the routing information that AS propagates or announces afterwards. In simulations, this reputation mechanism has been shown to effectively contain AS’s bad behaviors, and hence improve the overall security of the inter-domain system. The reputation mechanism designed in this research supplies a reference to evaluation and analysis of AS’s routing behaviors. It has the following features: It supports incremental deployment.It needn’t modify the BGP protocol, so it is easy to be implemented.