As the main inter-domain routing protocol in today’s internet, the Border Gateway Protocol (BGP) faces serious security risks during actual usage. Research on BGP malicious attack methods requires a realistic network environment, and evaluation methods based on physical networks often suffer from high costs and insufficient flexibility. Thus, we propose an efficient BGP simulated network deployment system based on a virtualization technology called the SOD–BGP. This system, combining cloud computing and virtualization technologies, creates a scalable, highly flexible basic network environment that allows for the automated simulation and evaluation of actual BGP prefix hijacking attack scenarios. A Resource Public Key Infrastructure (RPKI) simulation suite is introduced into the system, emulating a certificate issuance system, certificate storage, and a certificate synchronization verification mechanism, thus aligning the simulation environment with real-world usage scenarios. Finally, we propose a data collection and performance evaluation technique to evaluate BGP networks deploying RPKI under different attack scenarios and to explore the effectiveness of RPKI defense mechanisms at various deployment rates. A comparative analysis with other simulation techniques demonstrates that our approach achieves a balanced performance in terms of deployment speed, complexity, and RPKI integrity, providing a solid simulation technology foundation for large-scale BGP security defense strategies.
Read full abstract