域间路由安全性与健壮性关键问题研究
|
摘要
基于BGP(Border Gateway Protocol)的域间路由系统作为Internet的核心基础设施,在安全性与健壮性方面还存在诸多问题:一方面,它缺乏安全的协议机制和有效的监管手段,容易遭受各种攻击;另一方面,它的拓扑结构仍然存在脆弱性,端到端的连通性容易遭到路由设备故障、网络攻击以及自然灾害的破坏。研究域间路由系统的安全性与健壮性,对增强整个Internet的可靠性具有重要意义。
本文面向域间路由系统安全性与健壮性领域的关键问题展开研究。针对其安全性,提出了基于模糊集理论的前缀宣告可信性评估方法,用于检测前缀劫持网络攻击;针对其健壮性,研究了Internet自治系统级(Autonomous System,AS)拓扑的健壮性测度与增强机制,并对与AS拓扑健壮性紧密相关的AS路径推断问题做了系统全面的分析。主要贡献和创新点包括以下五个方面:
(1)对IP前缀宣告的可信性评估方法:多年来,前缀劫持事件时有发生并对Internet产生严重影响,其根源在于Internet对前缀劫持缺乏有效的防范措施与检测方法。本文提出了一种基于模糊集理论的IP前缀宣告可信性评估方法,从连续的历史路由表快照中提取“前缀-源AS”映射,根据它们的稳定性动态构造基本的“前缀-源AS”映射模糊可信集;基于基本的模糊可信集,进一步提出了对任意“前缀-源AS”映射进行可信性评估的方法。实验表明,本文方法的准确率达到99.85%,能有效检测与验证路由宣告中的前缀劫持。
(2)域间路由系统的强度攻击和连锁故障模型:随着防火墙技术的发展和主机安全防护能力的提高,从数据平面对Internet实施大规模强度攻击(如蠕虫攻击)的难度大大增加。本文结合复杂网络的耦合共振机制,设计了一种通过控制平面对Internet实施路由强度攻击的方法;提出了路由强度攻击下的连锁故障模型,对域间路由系统在路由强度攻击下的连锁故障反应做了全面的刻画与模拟。实验模拟结果表明,从控制平面对域间路由系统的路由强度攻击可引发大规模的连锁故障并对Internet的连通性造成严重的影响,但在部分节点对强度攻击具有免疫力的情况下,域间路由系统的健壮性将显著增强。
(3)全局AS拓扑的k-容错模型:网络的k-容错是指在任意k个节点或者链路发生故障的情况下,剩余网络中的任意节点对之间仍然相互可达。受路由策略的约束,用传统的简单图理论已不再能刻画AS之间的连通性,AS拓扑的k-容错判定问题也因此变得更复杂。本文结合网络拓扑理论与路由策略约束提出了AS拓扑的k-容错模型,该模型定义了AS拓扑k-容错判定的充要条件。基于k-容错模型定义的充要条件,进一步提出了在任何给定的AS拓扑之上实现k-容错的具体方法。研究结果表明,当前互联网的AS拓扑仅为0-容错的;把AS拓扑增补到k-容错(如k=1),其健壮性也得以显著增强;当k=1时,在给定的AS拓扑之上实现k-容错的链路代价是可接受的,仅需要新增加的上游链路数为7,447,占AS拓扑总链路数的4.5%。
(4)单个AS的健壮性测度与增强机制:尽管在k-容错模型中任意AS之间的连通性都可承受k个AS级的节点或链路故障,但是,实现k-容错的代价相对高昂,需要所有的AS都满足相应的约束条件。本文结合AS拓扑的层次结构以及蒙哥定理,提出了针对单个AS的健壮性测度指标―“不相交的顶级上坡路径数”,即,单个AS对节点/链路故障的健壮性取决于它所拥有的到达顶级AS的节点不相交/边不相交的上坡路径条数。统计表明,尽管78.1%的非顶级AS拥有2条以上的上游链路,但却只有74.2%(73.6%)的非顶级AS拥有2条以上的边不相交(节点不相交)的顶级上坡路径。基于健壮性测度指标进一步提出了面向单个AS的健壮性增强机制与方法,该方法可以保证增加一条上游链路即能确保该AS所拥有的到达顶级AS的不相交上坡路径数在原来的基础上增加1。
(5)对AS路径推断一致性问题的研究:AS路径推断技术被广泛应用于拓扑健壮性分析与网络性能优化等方面。目前,业内尚没有对推断路径与实际路径之间的一致性进行系统全面的分析,对其可用性缺乏充分的论证。本文系统地研究了AS路径推断的一致性问题,采用当今最具代表性的几种路径推断算法,从一致性的角度对推断路径与实际路径做了全面的比较;深入分析了推断路径与实际路径之间不一致性产生的根源:AS的局部路由控制策略(如“选择性宣告”)对路由传播与扩散的影响。实验结果表明推断路径与实际路径之间存在显著差异,揭示了现有AS路径推断技术的局限性。要提高AS路径推断的准确性,还需要确切知道AS的局部路由控制策略。
本文的研究成果对于域间路由系统的安全监测和拓扑规划具有重要的支撑作用和实际的指导意义。
The inter-domain routing system based on BGP is the core infrastructure of the Internet. However, there are many issues in its security and resilience. On the one hand, it is vulnerable to various attacks due to the lack of security mechanisms and monitoring measures. On the other hand, its topology is fragile to physical malfunctions, malicious attacks and natural disasters. Hence, studying the security and resilience of inter-domain routing system is indeed necessary for the reliability of the whole Internet.
This paper focuses on critical issues in inter-domain routing system. As for its security, we propose a method to evaluate the trustworthiness of prefix announcements in order to detect prefix hijacking. As for its resilience, we investigate the characterization and improvement for the resilience of the Internet AS (Autonomous System) topology, and provide an insightful analysis on the consistency issue in AS path inference. The major contributions and innovations are summarized as follows.
(1) Trustworthiness evaluation for prefix origins: The Internet has been suffering from prefix hijacking for many years due to the lack of defense and detection mechanisms. In this paper, we propose a method based on fuzzy set theory to evaluate the trustworthiness of prefix-AS mappings from successive BGP routing table snapshots. We construct an up-to-date trustworthy set of prefix-AS mappings with their trustworthiness inferred from the stability of the mappings. Drawing further on this, we extend our method to evaluate the trustworthiness of arbitrary prefix-AS mappings. The experimental results show that the accuracy of our method is as high as 99.85% and the method can be used to detect prefix hijacking effectively.
(2) BGP routing stress attack and the cascading failure model: With the development of firewall technology and hosts’security capabilities, conducting stress attacks (such as worm attacks) in the Internet data plane is becoming more and more difficult. In this paper, we present a method availing BGP routing stress to attack the Internet from its control plane, by leveraging coupling and oscillation mechanisms in complex systems. Afterwards we design a cascading failure model to characterize and simulate behaviors of the inter-domain routing system under such attacks. The simulation results show that the proposed attack can cause large-scale cascading failures and Internet connectivity can be severely affected. However, given there are a portion of ASes that have immunity to the routing stress, the resilience will be greatly enhanced.
(3) k-fault tolerance for the global AS topology: A network is k-fault tolerant if any pair of nodes can keep their reachability to each other even there are arbitrary k node or link failures. General graph theory is limited in characterizing the connectivity of Internet AS topology due to complex AS relationships. In consequence, k-fault tolerance in the Internet AS topology is more challenging than that in general graphs. Taking into account both topological connectivity and compliance to routing policies, we propose a k-fault tolerant model for AS topology by availing its inherent hierarchical structure. The model consists of necessary and sufficient csonditions for k-fault tolerance. Drawing further on this, we propose a method for the k-fault tolerance augmentation. The results reveal that the real AS topology is only 0-fault tolerant. The k-fault tolerant AS topology exhibits significantly better resilience, yet the edge cost for 1-fault tolerant augmentation is acceptable, i.e., 7,447 extra links (4.5% of the total links) are needed.
(4) Resilience characterization and improvement for individual ASes: Although the k-fault tolerant model can already guarantee the resilience by k-fault tolerance, it is expensive to achieve k-fault tolerance on a global scale and requires that all ASes satisfy the conditions for k-fault tolerance. In order to characterize the resilience of individual ASes, we propose the metrics based on AS hierarchy and Menger’s Theorem, i.e., the number of node-/link-disjoint uphill paths to Tier-1 ASes. In our observations, although 78.1% of all non-Tier-1 ASes have at least two upstream links, only 74.2% (73.6%) of all non-Tier-1 ASes have at least two link-disjoint (node-disjoint) uphill paths to Tier-1 ASes. In light of this, we present a scheme to improve the resilience of individual ASes from a global perspective. With our approach, the number of disjoint uphill paths can be definitely increased by one with adding an extra upstream link.
(5) Insights in the consistency between inferred paths & observed paths: AS path inference is widely used in topology resilience analysis and network performance optimization. However, little of the literature has performed a systematic and comprehensive study on the availability of such a technique taking into account the consistency between inferred paths and observed paths. In this paper, we provide a comprehensive and systematic study on the consistency between inferred computed by typical path inferring algorithms and real paths observed from routing tables, and investigate the fundamental causes for inconsistencies between inferred and observed paths. The results reveal the big differentce between inferred and observed paths, and expose limitations of current AS path inference algorithms. To achieve high accuracy in AS path inference, there is the need to know ASes’local routing policies.
In summary, our work can provide support and guideline for security monitoring and topology design of the inter-domain routing system.
本文面向域间路由系统安全性与健壮性领域的关键问题展开研究。针对其安全性,提出了基于模糊集理论的前缀宣告可信性评估方法,用于检测前缀劫持网络攻击;针对其健壮性,研究了Internet自治系统级(Autonomous System,AS)拓扑的健壮性测度与增强机制,并对与AS拓扑健壮性紧密相关的AS路径推断问题做了系统全面的分析。主要贡献和创新点包括以下五个方面:
(1)对IP前缀宣告的可信性评估方法:多年来,前缀劫持事件时有发生并对Internet产生严重影响,其根源在于Internet对前缀劫持缺乏有效的防范措施与检测方法。本文提出了一种基于模糊集理论的IP前缀宣告可信性评估方法,从连续的历史路由表快照中提取“前缀-源AS”映射,根据它们的稳定性动态构造基本的“前缀-源AS”映射模糊可信集;基于基本的模糊可信集,进一步提出了对任意“前缀-源AS”映射进行可信性评估的方法。实验表明,本文方法的准确率达到99.85%,能有效检测与验证路由宣告中的前缀劫持。
(2)域间路由系统的强度攻击和连锁故障模型:随着防火墙技术的发展和主机安全防护能力的提高,从数据平面对Internet实施大规模强度攻击(如蠕虫攻击)的难度大大增加。本文结合复杂网络的耦合共振机制,设计了一种通过控制平面对Internet实施路由强度攻击的方法;提出了路由强度攻击下的连锁故障模型,对域间路由系统在路由强度攻击下的连锁故障反应做了全面的刻画与模拟。实验模拟结果表明,从控制平面对域间路由系统的路由强度攻击可引发大规模的连锁故障并对Internet的连通性造成严重的影响,但在部分节点对强度攻击具有免疫力的情况下,域间路由系统的健壮性将显著增强。
(3)全局AS拓扑的k-容错模型:网络的k-容错是指在任意k个节点或者链路发生故障的情况下,剩余网络中的任意节点对之间仍然相互可达。受路由策略的约束,用传统的简单图理论已不再能刻画AS之间的连通性,AS拓扑的k-容错判定问题也因此变得更复杂。本文结合网络拓扑理论与路由策略约束提出了AS拓扑的k-容错模型,该模型定义了AS拓扑k-容错判定的充要条件。基于k-容错模型定义的充要条件,进一步提出了在任何给定的AS拓扑之上实现k-容错的具体方法。研究结果表明,当前互联网的AS拓扑仅为0-容错的;把AS拓扑增补到k-容错(如k=1),其健壮性也得以显著增强;当k=1时,在给定的AS拓扑之上实现k-容错的链路代价是可接受的,仅需要新增加的上游链路数为7,447,占AS拓扑总链路数的4.5%。
(4)单个AS的健壮性测度与增强机制:尽管在k-容错模型中任意AS之间的连通性都可承受k个AS级的节点或链路故障,但是,实现k-容错的代价相对高昂,需要所有的AS都满足相应的约束条件。本文结合AS拓扑的层次结构以及蒙哥定理,提出了针对单个AS的健壮性测度指标―“不相交的顶级上坡路径数”,即,单个AS对节点/链路故障的健壮性取决于它所拥有的到达顶级AS的节点不相交/边不相交的上坡路径条数。统计表明,尽管78.1%的非顶级AS拥有2条以上的上游链路,但却只有74.2%(73.6%)的非顶级AS拥有2条以上的边不相交(节点不相交)的顶级上坡路径。基于健壮性测度指标进一步提出了面向单个AS的健壮性增强机制与方法,该方法可以保证增加一条上游链路即能确保该AS所拥有的到达顶级AS的不相交上坡路径数在原来的基础上增加1。
(5)对AS路径推断一致性问题的研究:AS路径推断技术被广泛应用于拓扑健壮性分析与网络性能优化等方面。目前,业内尚没有对推断路径与实际路径之间的一致性进行系统全面的分析,对其可用性缺乏充分的论证。本文系统地研究了AS路径推断的一致性问题,采用当今最具代表性的几种路径推断算法,从一致性的角度对推断路径与实际路径做了全面的比较;深入分析了推断路径与实际路径之间不一致性产生的根源:AS的局部路由控制策略(如“选择性宣告”)对路由传播与扩散的影响。实验结果表明推断路径与实际路径之间存在显著差异,揭示了现有AS路径推断技术的局限性。要提高AS路径推断的准确性,还需要确切知道AS的局部路由控制策略。
本文的研究成果对于域间路由系统的安全监测和拓扑规划具有重要的支撑作用和实际的指导意义。
The inter-domain routing system based on BGP is the core infrastructure of the Internet. However, there are many issues in its security and resilience. On the one hand, it is vulnerable to various attacks due to the lack of security mechanisms and monitoring measures. On the other hand, its topology is fragile to physical malfunctions, malicious attacks and natural disasters. Hence, studying the security and resilience of inter-domain routing system is indeed necessary for the reliability of the whole Internet.
This paper focuses on critical issues in inter-domain routing system. As for its security, we propose a method to evaluate the trustworthiness of prefix announcements in order to detect prefix hijacking. As for its resilience, we investigate the characterization and improvement for the resilience of the Internet AS (Autonomous System) topology, and provide an insightful analysis on the consistency issue in AS path inference. The major contributions and innovations are summarized as follows.
(1) Trustworthiness evaluation for prefix origins: The Internet has been suffering from prefix hijacking for many years due to the lack of defense and detection mechanisms. In this paper, we propose a method based on fuzzy set theory to evaluate the trustworthiness of prefix-AS mappings from successive BGP routing table snapshots. We construct an up-to-date trustworthy set of prefix-AS mappings with their trustworthiness inferred from the stability of the mappings. Drawing further on this, we extend our method to evaluate the trustworthiness of arbitrary prefix-AS mappings. The experimental results show that the accuracy of our method is as high as 99.85% and the method can be used to detect prefix hijacking effectively.
(2) BGP routing stress attack and the cascading failure model: With the development of firewall technology and hosts’security capabilities, conducting stress attacks (such as worm attacks) in the Internet data plane is becoming more and more difficult. In this paper, we present a method availing BGP routing stress to attack the Internet from its control plane, by leveraging coupling and oscillation mechanisms in complex systems. Afterwards we design a cascading failure model to characterize and simulate behaviors of the inter-domain routing system under such attacks. The simulation results show that the proposed attack can cause large-scale cascading failures and Internet connectivity can be severely affected. However, given there are a portion of ASes that have immunity to the routing stress, the resilience will be greatly enhanced.
(3) k-fault tolerance for the global AS topology: A network is k-fault tolerant if any pair of nodes can keep their reachability to each other even there are arbitrary k node or link failures. General graph theory is limited in characterizing the connectivity of Internet AS topology due to complex AS relationships. In consequence, k-fault tolerance in the Internet AS topology is more challenging than that in general graphs. Taking into account both topological connectivity and compliance to routing policies, we propose a k-fault tolerant model for AS topology by availing its inherent hierarchical structure. The model consists of necessary and sufficient csonditions for k-fault tolerance. Drawing further on this, we propose a method for the k-fault tolerance augmentation. The results reveal that the real AS topology is only 0-fault tolerant. The k-fault tolerant AS topology exhibits significantly better resilience, yet the edge cost for 1-fault tolerant augmentation is acceptable, i.e., 7,447 extra links (4.5% of the total links) are needed.
(4) Resilience characterization and improvement for individual ASes: Although the k-fault tolerant model can already guarantee the resilience by k-fault tolerance, it is expensive to achieve k-fault tolerance on a global scale and requires that all ASes satisfy the conditions for k-fault tolerance. In order to characterize the resilience of individual ASes, we propose the metrics based on AS hierarchy and Menger’s Theorem, i.e., the number of node-/link-disjoint uphill paths to Tier-1 ASes. In our observations, although 78.1% of all non-Tier-1 ASes have at least two upstream links, only 74.2% (73.6%) of all non-Tier-1 ASes have at least two link-disjoint (node-disjoint) uphill paths to Tier-1 ASes. In light of this, we present a scheme to improve the resilience of individual ASes from a global perspective. With our approach, the number of disjoint uphill paths can be definitely increased by one with adding an extra upstream link.
(5) Insights in the consistency between inferred paths & observed paths: AS path inference is widely used in topology resilience analysis and network performance optimization. However, little of the literature has performed a systematic and comprehensive study on the availability of such a technique taking into account the consistency between inferred paths and observed paths. In this paper, we provide a comprehensive and systematic study on the consistency between inferred computed by typical path inferring algorithms and real paths observed from routing tables, and investigate the fundamental causes for inconsistencies between inferred and observed paths. The results reveal the big differentce between inferred and observed paths, and expose limitations of current AS path inference algorithms. To achieve high accuracy in AS path inference, there is the need to know ASes’local routing policies.
In summary, our work can provide support and guideline for security monitoring and topology design of the inter-domain routing system.
引文
[1] Stewart J. BGPv4: Inter-Domain Routing in the Internet: Addison-Wesley, 1999.
[2] Halabi B. Internet Routing Architectures (2nd edition). Cisco Press, 2001.
[3] Rekhter Y, Tony L. A Border Gateway Protocol 4 (BGP-4). IETF RFC 1771, 1995.
[4] Malkin G. RIP Version 2. IETF RFC 2453, 1998.
[5] Callon R. Use of OSI IS-IS for routing in TCP/IP and dual environments. IETF RFC 1195, 1990.
[6] John M. OSPF Version 2. IETF RFC 2328, 1998.
[7] Mills D. External Gateway Protocol Formal Specification. IETF RFC 904, 1984.
[8] Rekhter Y. Inter-Domain Routing Protocol (IDRP). Internetworking: Research and Experience, 1993, Vol 4.
[9] Rekhter Y, Li T, Hares S. A Border Gateway Protocol 4 (BGP-4), IETF RFC4271, 2006.
[10] Gao L. On Inferring Autonomous System Relationships in the Internet. IEEE/ACM Transactions on Networking, 2000, 9(6):733–745.
[11] Subramanian J, Agarwal V, Katz R. Characterizing the Internet Hierarchy form Multiple Vantage Points. In: Proc. of the IEEE INFOCOM, 2002.
[12] Ge Z, Figueiredo D, Jaiwal S, Gao L. On the Hierarchical Structure of the Logical Internet Graph. In: Prof. of the SPIE ITCOM, 2001.
[13] Lougheed K, Rekhter Y. A Border Gateway Protocol (BGP). IETF RFC 1105, 1989.
[14] Caesar M, Rexford J. BGP Routing Policies in ISP Networks. IEEE Network Magazine, 2005, 19 (6): 5-11.
[15] Battista G, Erlebach T, Hall A, Patrignani M, Pizzonia M, Schank T. Computing the Types of the Relationships between Autonomous Systems. IEEE/ACM Trans. Networking, 2007, 15 (2): 267-280.
[16] CAIDA. AS Commercial Relationship Data, http://as-rank.caida.org/data/.
[17] Wu J, Zhang Y, Mao Z, Shin K. Internet Routing Resilience to Failures: Analysis and Implications. In: Proc. of the ACM CoNEXT, 2007.
[18] Mühlbauer W, Feldmann A, Maennel O, Roughan M, Uhlig S. Building an AS-Topology Model that Captures Route Diversity. In: Proc. of the ACM SIGCOMM, 2006.
[19] Gao L, Rexford J. Stable Internet Routing Without Global Coordination. IEEE/ACM Trans. Networking, 2001, 9 (6): 681-692.
[20] Murphy Sandra. BGP Security Vulnerabilities Analysis. IETF RFC 4272, 2006.
[21] Siganos G, Faloutsos M. Neighborhood Watch for Internet Routing: Can weimprove the Robustness of Internet Routing Today? In: Proc.of the IEEE INFOCOM, 2007.
[22] Schneier B. Click Here to Bring Down the Internet. http://www.schneier.com /essay-003.html.
[23] Cowie J, Ogielski A, Premore B, Yuan Y. Global Routing Instabilities Triggered by Code Red II and Nimda Worm Attacks. Tech. Rep, Renesys Corporation, 2001.
[24] Agarwal S, Chuah C, Bhattacharyya S, Diot C. Impact of BGP Dynamic on Router CPU Utilization. In: Proc. of the PAM, 2004.
[25] Mérindol P, Schrieck V. V, Donnet B, Bonaventure O, Pansiot J. Quantifying ASes Multiconnectivity Using Multicast Information. In: Proc. of the ACM IMC, 2009.
[26] Smith P. BGP Multihoming Techniques. In NANOG-41 Meeting, 2007.
[27] CIDR report. http://www.cidr-report.org/as2.0/.
[28] Albert R, Barabási A. Statistical Mechanics of Complex Networks. Rev. Mod. Phys. 2002, 74: 47–97.
[29] The North American Network Operators’Group. http://www.nanog.org/.
[30] Anti-Phishing Working Group. http://www.antiphishing.org.
[31] Barbir A, Murphy S, Yang Y. Generic Threats to Routing Protocols. IETF RFC 4593, 2006.
[32] Nordstr?m O, Dovrolis C. Beware of BGP Attacks. ACM SIGCOMM Computer Communications Review, 2004, 34(2): 1-8.
[33] Ballani H, Francis P, Zhang X. A Study of Prefix Hijacking and Interception in the Internet. In: Proc. of the SIGCOMM, 2007.
[34] BGP Best Path Selection Algorithm. http://www.cisco.com/warp/public /459/25.shtml.
[35] Wenping D, Peidong Z, Xicheng L, Bernhard P. On Evaluating BGP Routing Stress Attack. Journal of Communications, 2010, 5(1): 13-22.
[36] Schuchard Max, Vasserman Eugene Y, Mohaisen Abedelaziz, Kune Denis Foo, Hopper Nicholas, Kim Yongdae. Losing Control of the Internet: Using the Data Plane to Attack the Control Plane. In: Proc. of the NDSS, 2010.
[37] Zhang Y, Mao Z, Wang J. Low-rate tcp-targeted dos attack disrupts internet routing. In: Proc. of NDSS, 2007.
[38] Kent Stephen, Lynn Charles, Seo Karen. Secure Border Gateway Protocol (S-BGP). IEEE Journal on Selected Areas in Communication Special Issue on Network Security, 2000, 18(4):582-592.
[39] White Russ. Securing BGP through Secure Origin BGP. Internet Protocol Journal, 2003, 6(3):15-22.
[40] Kranakis E, Wan T, Oorschot PC. On Interdomain Routing Security and PrettySecure BGP (psBGP). ACM Trans. Information and System Security (TISSEC), 2007, 10(3):1-41.
[41] Smith B, Garcia-Luna-Aceves J. Securing the Border Gateway Routing Protocol. In: Proc. of the Global Internet, 1996.
[42]徐恪,熊勇强,吴建平.边界网关协议BGP-4的安全扩展.电子学报, 2002,30(2):271-273.
[43]胡湘江,朱培栋,龚正虎.SE-BGP:一种BGP安全机制.软件学报,2008,19(1):167-176.
[44] Internet Corporation for Assigned Names and Numbers. http://www.icann.org.
[45] Karlin J, Forrest S, Rexford J. Pretty good BGP: Improving BGP by Cautiously Adopting Routes. In: Proc. of the IEEE ICNP, 2006. 283-292.
[46] Subramanian L, Roth V, Stoica I, Shenker S, Katz RH. Listen and Whisper: Security Mechanisms for BGP. In: Proc. of the NSDI, 2004.
[47] Goodell Geoffrey, Aiello William, Griffin Timothy, Ioannidis John, McDaniel Patrick, Rubin Aviel. Working Around BGP: An Incremental Approach to Improving Security and Accuracy of Interdomain Routing. In: Proc. of NDSS, 2003.
[48]李琦,吴建平,徐明伟,徐恪.自治系统间的安全路由协议GesBGP.计算机学报,2009,32(3):506-515.
[49]谭晶,罗军舟,李伟,于枫.基于可信度的域间路由机制.计算机学报,2010,33(9):1763-1774.
[50] Renesys Corp. Real Time Monitoring of Global Internet Routing. http://www. renesys.com /services.html.
[51] http://bgp.potaroo.net/as1221/bgp-active.html.
[52] Wenping D, Peidong Z, Xicheng L. RouSSeau: A Monitoring System for Inter-domain Routing Security. In: Proc. of the CNSR, 2008.
[53]张宏科,董平,杨冬.新互联网体系理论及关键技术.中兴通讯技术,2008,14(1):17-20.
[54] RouteViews, http://www.routeviews.org/.
[55] Routing Information Service. http://www.ris.ripe.net/myasn.html.
[56] Colitti L, Battista G. D, Mariani F, Patrignani M, Pizzonia M. Visualizing Interdomain Routing with BGPlay. Journal of Graph Algorithms and Applications, 2005, 9(1): 117-148.
[57] Lad M, Zhang L, Massey D. Link-Rank: A Graphical Tool for Capturing BGP Routing Dynamics. In: Proc. of the IEEE/IFIP NOMS, 2004
[58] PHAS: Prefix Hijack Alert System. http://phas.netsec.colostate.edu/stat.html.
[59] Cyclops, http://cyclops.cs.ucla.edu/.
[60] Cymru. Internet Security and Research Insight. http://www.team-cymru.org/.
[61] Zheng C, Ji L, Pei D, Wang J, Francis P. A Light-Weight Distributed Scheme for Detecting IP Prefix Hijacks in Real-Time. In: Proc. of the SIGCOMM, 2007.
[62] Zhang Z, Zhang Y, Hu Y, Mao Z, Bush R. iSPY: Detecting IP Prefix Hijacking on My Own. In: Proc. of the ACM SIGCOMM, 2008.
[63] Boothe P, Hiebert J, Bush R. How Prevalent is Prefix Hijacking on the Internet? In NANOG 36 meeting, 2006.
[64] Qiu J, Gao L, Ranjan S, Nucci A. Detecting Bogus BGP Route Information: Going Beyond Prefix Hijacking. In: Proc. of the 3rd International Conference on Security and Privacy in Communication Networks (SECURECOMM), 2007.
[65] Hu X, Mao Z. M. Accurate Real-time Identification of IP Prefix Hijacking. In: Proc. of the 2007 IEEE Symposium on Security and Privacy, 2007.
[66] Zhang Z, Zhang Y, Hu Y, Mao Z. Practical Defenses against BGP Prefix Hijacking. In: Proc. of the ACM CoNEXT, 2007.
[67] Faloutsos C, Faloutsos M, Faloutsos P. On Power-Law Relationships of the Internet Topology. In: Proc. of the ACM SIGCOMM, 1999.
[68] Mahadevan P, Krioukov D, Fomenkov M, Huffaker B, Dimitropoulos X, Claffy K, Vahdat A.. The Internet AS-Level Topology: Three Data Sources and One Definitive Metric. ACM SIGCOMM Computer Communication Review, 2006, 36(1): 17-26.
[69]周苗,杨家海,刘洪波,吴建平.Internet网络拓扑建模.软件学报,2009,20(1):109-123.
[70] Li L, Alderson D, Willinger W, Doyle J, Tanaka R, Low S. A First Principles Approach to Understanding the Internet’s Router-level Topology. In: Proc. of the ACM SIGCOMM, 2004.
[71] Oliveira R, Zhang B, Zhang L. Observing the Evolution of Internet AS Topology. ACM SIGCOMM Computer Communication Review, 2007, 37(4): 313-324.
[72] Albert R, Jeong H, Barabási L. Error and Attack Tolerance of Complex Networks. Nature, 2000, 406: 378-382.
[73] Doyle J, Anderson D, Li L, Low S, Roughan M, Shalunov S, Tanaka R, Willinger W, The“Robust Yet Fragile”Nature of the Internet. In: Proc. of the National Academy of Sciences of the United States of America, 2005.
[74] Cohen R, Erez K, Avraham D, Havlin S. Resilience of the Internet to Random Breakdowns. Phys. Rev. Lett, 2000, 85(21):4626-4628.
[75] Cohen R, Erez K, Avraham D. Breakdown of the Internet under Intentional Attack. Phys. Rev. Lett, 2001, 86(16):3682-3685.
[76] Motter A. E, Lai Y. C. Cascade-Based Attacks on Complex Networks. Phys. Rev. E, 2002, 66, 065102.
[77] Zhao L, Park K, Lai Y. C. Attack Vulnerability of Scale-Free Networks due to Cascading Breakdown. Phys. Rev. E, 2004, 70: 035101.
[78] Simonsen I, Buzna L, Peters K, Bornholdt S, Helbing D. Transient Dynamics Increasing Network Vulnerability to Cascading Failures. Phys. Rev. Lett, 2008, 100: 218701.
[79] Coffman E, Ge Z, Misra V, Towsley D. Network Resilience: Exploring Cascading Failures within BGP. In: Proc. of the Allerton Conference on Communication, Control and Computing, 2002.
[80] Demetriusa L, Manke T. Robustness and Network Evolution: An Entropic Principle. Physica A, 2005, 346: 682–696.
[81] Jamakovic A, Uhlig S. On the Relationships between Topological Measures in Real-World Networks. Networks and Heterogeneous Media, 2008, 3(2): 345–359.
[82] Shargel B, Sayama H, Epstein I. R, Bar-Yam Y. Optimization of robustness and connectivity in complex networks. Phys. Rev. Lett, 2003, 90(6):068701.
[83] Paul G, Tanizawa T, Havlin S, Stanley H. Optimization of robustness of complex networks. Eur. Phys. J. B, 2004, 38 (2): 187-191.
[84] Valente A, Sarkar A, Stone H. A. Two-peak and three-peak optimal complex networks. Phys. Rev. Lett, 2004, 92 (11): 118702.
[85] Wang B, Tang H. W, Guo C, Xiu Z. Entropy Optimization of Scale-free Networks Robustness to Random Failures. Physica A, 2005, 363: 591-596.
[86] Schneider C. M, Moreira A. A, Andrade J. S, Jr, Havlin S, Herrmann H. J. Onion-like Network Topology Enhances Robustness against Malicious Attacks. Journal of Statistical Mechanics: Theory and Experiment, 2011, 2011(01): P01027.
[87]李德毅,于全,江光杰.C3I系统可靠性、抗毁性和抗干扰的统一评测.系统工程理论与实践,1997,17(3):23-27.
[88]谭跃进,吴俊,邓宏钟.复杂网络中节点重要度评估的节点收缩方法.系统工程理论与实践,2006,26(11):79-83.
[89]邓宏钟,吴俊,李勇.双层小世界网络中的级联失效模型与分析.计算机仿真, 2008,25(10):150-152.
[90] Wang W, Chen G. Universal robustness characteristic of weighted networks against cascading failure. Phys. Rev. E, 2008, 77: 026101.
[91]张国强,张国清,范晶.中国大陆AS级拓扑的测量与分析.通信学报,2007,28(10): 92-101.
[92]张宇,方滨兴,张宏莉.中国AS级拓扑测量与分析.计算机学报.2008,31(4):611-619.
[93] Wu J, Gao Z, Sun H. Cascade and breakdown in scale-free networks withcommunity structure. Phys. Rev. E, 2006, 74: 066111.
[94]张俊良.复杂网络可靠性研究.硕士学位论文,大连理工大学,2006.
[95]刘全龙.复杂网络可靠性研究.硕士学位论文,北京邮电大学,2007.
[96] Wu J, Zhang Y, Mao Z. M, Shin K. G. Internet Routing Resilience to Failures: Analysis and Implications. In: Proc. of the CoNEXT, 2007.
[97] Zhao X, Zhang B, Terzis A, Massey D, Zhang L. The Impact of Link Failure Location on Routing Dynamics: A Formal Analysis. In: Proc. of the ACM SIGCOMM Asia Workshop, 2005.
[98] Dolev D, Jamin S, Mokryn O, Shavitt Y. Internet resiliency to attacks and failures under BGP policy routing. Computer Networks, 2006, 50: 3183–3196.
[99] Erlebach T, Hall A, Moonen L, Panconesi A, Spieksma F, Vukadinovic D. Robustness of the Internet at the Topology and Routing Level. Lecture Notes in Computer Science, vol. 4028, 2006.
[100] Lad M, Zhao X, Zhang B, Massey D, Zhang L. Analysis of BGP Update Surge during Slammer Worm Attack. In: Proc. of 6th International Workshop on Distributed Computing, 2003.
[101] Pei D, Zhang L, Massey D. A Framework for Resilient Internet Routing Protocols. IEEE Network, 2004, 4(1): 1-36.
[102] Sriram K, Borchert O, Kim O, Gleichmann P, Montgomery D. A Comparative Analysis of BGP Anomaly Detection and Robustness Algorithms. In: Proc. of the Cybersecurity Applications & Technology Conference for Homeland Security, 2009.
[103] Yang X, Wetherall D, Anderson T. Source Selectable Path Diversity via Routing Deflection. In: Proc. of the ACM SIGCOMM, 2006.
[104] Lakshminarayanan K, Caesar M, Rangan M, Anderson T, Shenker S, and Stoica I. Achieving Convergence-Free Routing Using Failure-Carrying Packets. In: Proc. of the ACM SIGCOMM, 2007.
[105] Xu W, Rexford J. MIRO: Multi-Path Interdomain Routing. In: Proc. of the ACM SIGCOMM, 2006.
[106] Wang H, Yang Y. R, Liu P, Wang J, Gerber A, Greenberg A. Reliability as an Interdomain Service. In: Proc. of the ACM SIGCOMM, 2007.
[107] Andersen D, Balakrishnan H, Kaashoek M, Morris R. Resilient Overlay Networks. In: Proc. of the OSDI, 2001.
[108] Sato Yasuhiro, Ata Shingo, Oka Ikuo. A Strategic Approach for Re-organizing the Internet Topology by Applying Social Behavior Dynamics. J Netw Syst Manage, 2009, 17:208–229.
[109] Meyer D, Schmitz J, Orange C, Prior M, Alaettinoglu C. Using RPSL in Practice. IETF RFC 2650, 1999.
[110] Alaettinoglu A, Villamizar C, Gerich E, Kessens D, Meyer D, Bates T, Karrenberg D, Terpstra. M. Routing Policy Specification Language (RPSL). IETF RFC 2622, 1999.
[111] RIPE RIS. http://http://www.ripe.net/ris/.
[112] Huffaker B. CAIDA AS Ranking Project. http://www.caida.org/analysis /topology/rank_as/. 2006.
[113] AquaLab, http://aqualab.cs.northwestern.edu/projects/SidewalkEnds.html.
[114] Fuller V, Li T. Classless Inter-Domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan. IETF RFC 4632, 2006.
[115] Beijnum I. BGP: Building Reliable Networks with the Border Gateway Protocol. O'Reilly, 2002.
[116] Goldberg S, Halevi S, Jaggard A, Ramachandran V, Wright R. Rationality and Traffic Attraction: Incentives for Honest Path Announcements in BGP. In: Proc. of the ACM Sigcomm, 2008.
[117] Baker F. Requirements for IP Version 4 Routers. IETF RFC 1812, 1995.
[118] Labovitz C, Johnson S, McPherson D, Oberheide J, Jahanian F. Internet Inter-Domain Traffic. In: Proc. of the ACM Sigcomm, 2010.
[119] Feldmann A, Maennel O, Mao Z, Maggs B. Locating Internet Routing Instability. In: Proc. of ACM SIGCOMM, 2004.
[120] Kushman N, Kandula S, Katabi D, Maggs B. RBGP: Staying connected in a connected world. In: Proc. of NSDI, 2007.
[121] Motiwala M, Elmore M, Feamster N, Vempala S. Path splicing. ACM SIGCOMM Computer Communication Review, 2008, 38(4): 27–38.
[122] Godfrey P, Ganichev I, Shenker S, Stoica I. Pathlet routing. In: Proc. of ACM SIGCOMM, 2004.
[123] Huang S, Xu Y, Zhang L. Study of network survivability based on multi-path routing mechanism. Science in China Series F-Information Sciences, 2008, 51(11): 1898-1907.
[124] Gao R, Dovrolis C, Zegura E. Interdomain Ingress Traffic Engineering through Optimized AS-Path Prepending. In: Proc. of IFIP Networking, 2005.
[125] Shimbel A. Structural Parameters of Communication Networks. Bulletin of Mathematical Biophysics, 1953, 15: 501-507.
[126] Freeman L. A Set of Measures of Centrality based on Betweenness. Sociometry, 1977, 40:35-41.
[127] Luckie M, Hyun Y, Huffaker B. Traceroute Probe Method and Forward IP Path Inference. In: Proc. of the IMC, 2008
[128] Mao Z. M, Rexford J, Wang J, Katz R. Towards an Accurate AS-Level Traceroute Tool. In: Proc. of the ACM SIGCOMM, 2003.
[129] He Y, Faloutsos M, Krishnamurthy S, Huffaker B. On Routing Asymmetry in theInternet. In: Proc. of the Globecom, 2005.
[130] Bassett E, Madhyastha H, Adhikari V, Scott C. Reverse Traceroute. In: Proc. of the NSDI, 2010.
[131] Qiu J, Gao L. AS Path Inference by Exploiting Known AS Paths. In: Proc. of the IEEE Globecom, 2006.
[132] Mao Z, Qiu L, Wang J, Zhang Y. On AS-Level Path Inference. In: Proc. of the ACM Sigmetrics, 2005.
[133]杨国强,窦文华.一种计算因特网AS拓扑的最短路径的快速算法.计算机研究与发展,2009,46(11):1797-1802.
[134] Wang F, Gao L. On Inferring and Characterizing Internet Routing Policies. In: Proc. of the ACM IMC, 2003.
[135] Gao L, Rexford J. Stable Internet Routing without Global Coordination. IEEE/ACM Trans. Networking, 2001, 9: 681-692.
[136] Kind A, Bauer D, Dechouniotis D, Dimitropoulos X. Valley-free Shortest Path Method. International Business Machines Corporation, New York, 2009.
[137] Zadeh L. Fuzzy Sets. Information and Control, 8(3), 1965.
[138] Rexford J, Wang J, Xiao Z, Zhang Y, BGP Routing Stabilityof Popular Destinations. In: Proc. of the IMW, 2002.
[139] Boothe P, Hiebert J, Bush R. Short-Lived Prefix Hijacking on the Internet. In: NANOG 36 meeting, 2006.
[140] Mahajan R, Wetherall D, Anderson T. Understanding BGP Misconfiguration. In: Proc. of the ACM SIGCOMM, 2002.
[141] YouTube Hijacking: A RIPE NCC RIS case study. http://www.ripe.net /internet-coordination/news/industry-developments/youtube-hijacking-a-ripe-ncc-ris-case-study.
[142] BGPmon. BGP Prefix hijack by AS16735. http://bgpmon.net/blog/?p=80.
[143] Cowie J, Ogielski A, Premore B. J, Yuan Y. Global routing instabilities triggered by Code Red II and Nimda worm attacks. Tech. Rep, Renesys Corporation, 2001.
[144] Deshpande S, Thottan M, Sikdar B. Early Detection of BGP Instabilities Resulting from Internet Worm Attacks. In: Proc. of the IEEE GLOBECOM, 2004.
[145] Chang D, Govindan R, Heidemann J. An Empirical Study of Router Response to Large BGP Routing Table Load. Tech. Rep, ISI-TR-2001-552, USC/Information Sciences Institute, 2001.
[146] Cisco Systems. Troubleshooting High CPU Caused by the BGP Scanner or BGP Router Process. Document ID: 45620, 2003.
[147] Agarwal S, Chuah C, Bhattacharyya S, Diot C. Impact of BGP Dynamic on Router CPU Utilization. In: Proc. of the PAM, 2004.
[148] Quagga Routing Suite. http://www.quagga.net/.
[149]汪小帆,李翔,陈关荣.复杂网络理论及其应用.清华大学出版社,2006.
[150] Motter A, Nishikawa T, Lai Y. Cascade-Based Attacks on Complex Networks. Phys. Rev. E, 2002, 66: 065102(R).
[151] Moreno Y, Gómez J, Pacheco A. Instability of Scale-Free Networks under Node-Breaking Avalanches. Europhys. Lett, 2002, 58(4): 630-636.
[152] Asavathiratham C. The Influence Model: a Tractable Representation for the Dynamoics of Networked Markov Chains. Elec. Eng. And Comp. Sci. Dept, MIT, 2000.
[153] Bak P, Tang C, Wiesenfeld K. Self-Organized Criticality: an Explanation of the 1/f Noise. Phys. Rev. Lett, 1987, 59: 381-384.
[154] Dobson I, Chen J, Thop J, Carreras B, Newman D. Examining Criticality of Blackouts in Power System Models with Cascadeing Events. In: Proc. the of Hawaii Inernational Conference on System Sciences, 2002.
[155] Dobson I, Carreras B A, Newman D E. A Probabilistic Loading-Dependent Model of Cascadeing Failure and Possible Implications for Blackouts. In: Proc. of the Hawaii Inernational Conference on System Sciences, 2003.
[156] Villamizar C, Chandra R, Govindan R. Route Flab Damping. IETF RFC 2439, 1998.
[157] Kaeo M. Current Operational Security Practices in Internet Service Provider Environments. IETF RFC 4778, 2007.
[158] Sangli S, Chen E, Fernando R, Scudder J, Rekhter Y. Graceful Restart Mechanism for BGP, IETF RFC 4724, 2007.
[159] SSFNET. http://www.ssfnet.org/bgp/doc/.
[160] C-BGP, http://cbgp.info.ucl.ac.be/.
[161] Erlebach T, Hall A, Panconesi A, Vukadinovic D. Cuts and Disjoint Paths in the Valley-Free Path Model. Internet Mathematics, 2007, 3 (3): 333–360.
[162] Erlebach T, Moonen L S, Spieksma F C R, Vukadinovic D. Connectivity Measures for Internet Topologies on the Level of Autonomous Systems. Operations Research, 2009, 57 (4): 1006–1025.
[163] Cheriyan J, Thurimella R. Fast Algorithms for k-Shredders and k-Node Connectivity Augmentation. J. Algorithms, 1999, 33(1): 15-50.
[164] Bush R, Maennel O, Roughan M, Uhlig S. Internet Optometry: Assessing the Broken Glasses in Internet Reachability. In: Proc. of the ACM IMC, 2009.
[165] Oliveira R, Pei D, Willinger W, Zhang B, Zhang L. The (In)Completeness of the observed Internet AS-Level Structure. IEEE/ACM Trans. Networking, 2010, 18: 109–122.
[166] Menger K. Zur allgemeinem Kurventheorie. Fund. Math, 1927, 10: 96-115.
[167] Khuller S, Naor J. Flow in Planar Graphs with Vertex Capacities, Algorithmica, 1994, 11: 200-225.
[168] Cormen T, Leiserson C, Rivest R, Stein C. Introduction to Algorithms (2nd Edition). MIT Press and McGraw-Hill, 2001.
[169] Lawler E. Combinatorial Optimization: Networks and Matroids. Dover, 2001, 117–120.
[170] Kleinberg J, Tardos E. Algorithm Design. Addison Wesley, 2006.
[171] Liao Y, Gao L, Guerin R, Zhang Z. Safe Interdomain Routing under Diverse Commercial Aggreements. To appear in IEEE/ACM Trans. Networking, 2010, 18 (6): 1829-1840.
[2] Halabi B. Internet Routing Architectures (2nd edition). Cisco Press, 2001.
[3] Rekhter Y, Tony L. A Border Gateway Protocol 4 (BGP-4). IETF RFC 1771, 1995.
[4] Malkin G. RIP Version 2. IETF RFC 2453, 1998.
[5] Callon R. Use of OSI IS-IS for routing in TCP/IP and dual environments. IETF RFC 1195, 1990.
[6] John M. OSPF Version 2. IETF RFC 2328, 1998.
[7] Mills D. External Gateway Protocol Formal Specification. IETF RFC 904, 1984.
[8] Rekhter Y. Inter-Domain Routing Protocol (IDRP). Internetworking: Research and Experience, 1993, Vol 4.
[9] Rekhter Y, Li T, Hares S. A Border Gateway Protocol 4 (BGP-4), IETF RFC4271, 2006.
[10] Gao L. On Inferring Autonomous System Relationships in the Internet. IEEE/ACM Transactions on Networking, 2000, 9(6):733–745.
[11] Subramanian J, Agarwal V, Katz R. Characterizing the Internet Hierarchy form Multiple Vantage Points. In: Proc. of the IEEE INFOCOM, 2002.
[12] Ge Z, Figueiredo D, Jaiwal S, Gao L. On the Hierarchical Structure of the Logical Internet Graph. In: Prof. of the SPIE ITCOM, 2001.
[13] Lougheed K, Rekhter Y. A Border Gateway Protocol (BGP). IETF RFC 1105, 1989.
[14] Caesar M, Rexford J. BGP Routing Policies in ISP Networks. IEEE Network Magazine, 2005, 19 (6): 5-11.
[15] Battista G, Erlebach T, Hall A, Patrignani M, Pizzonia M, Schank T. Computing the Types of the Relationships between Autonomous Systems. IEEE/ACM Trans. Networking, 2007, 15 (2): 267-280.
[16] CAIDA. AS Commercial Relationship Data, http://as-rank.caida.org/data/.
[17] Wu J, Zhang Y, Mao Z, Shin K. Internet Routing Resilience to Failures: Analysis and Implications. In: Proc. of the ACM CoNEXT, 2007.
[18] Mühlbauer W, Feldmann A, Maennel O, Roughan M, Uhlig S. Building an AS-Topology Model that Captures Route Diversity. In: Proc. of the ACM SIGCOMM, 2006.
[19] Gao L, Rexford J. Stable Internet Routing Without Global Coordination. IEEE/ACM Trans. Networking, 2001, 9 (6): 681-692.
[20] Murphy Sandra. BGP Security Vulnerabilities Analysis. IETF RFC 4272, 2006.
[21] Siganos G, Faloutsos M. Neighborhood Watch for Internet Routing: Can weimprove the Robustness of Internet Routing Today? In: Proc.of the IEEE INFOCOM, 2007.
[22] Schneier B. Click Here to Bring Down the Internet. http://www.schneier.com /essay-003.html.
[23] Cowie J, Ogielski A, Premore B, Yuan Y. Global Routing Instabilities Triggered by Code Red II and Nimda Worm Attacks. Tech. Rep, Renesys Corporation, 2001.
[24] Agarwal S, Chuah C, Bhattacharyya S, Diot C. Impact of BGP Dynamic on Router CPU Utilization. In: Proc. of the PAM, 2004.
[25] Mérindol P, Schrieck V. V, Donnet B, Bonaventure O, Pansiot J. Quantifying ASes Multiconnectivity Using Multicast Information. In: Proc. of the ACM IMC, 2009.
[26] Smith P. BGP Multihoming Techniques. In NANOG-41 Meeting, 2007.
[27] CIDR report. http://www.cidr-report.org/as2.0/.
[28] Albert R, Barabási A. Statistical Mechanics of Complex Networks. Rev. Mod. Phys. 2002, 74: 47–97.
[29] The North American Network Operators’Group. http://www.nanog.org/.
[30] Anti-Phishing Working Group. http://www.antiphishing.org.
[31] Barbir A, Murphy S, Yang Y. Generic Threats to Routing Protocols. IETF RFC 4593, 2006.
[32] Nordstr?m O, Dovrolis C. Beware of BGP Attacks. ACM SIGCOMM Computer Communications Review, 2004, 34(2): 1-8.
[33] Ballani H, Francis P, Zhang X. A Study of Prefix Hijacking and Interception in the Internet. In: Proc. of the SIGCOMM, 2007.
[34] BGP Best Path Selection Algorithm. http://www.cisco.com/warp/public /459/25.shtml.
[35] Wenping D, Peidong Z, Xicheng L, Bernhard P. On Evaluating BGP Routing Stress Attack. Journal of Communications, 2010, 5(1): 13-22.
[36] Schuchard Max, Vasserman Eugene Y, Mohaisen Abedelaziz, Kune Denis Foo, Hopper Nicholas, Kim Yongdae. Losing Control of the Internet: Using the Data Plane to Attack the Control Plane. In: Proc. of the NDSS, 2010.
[37] Zhang Y, Mao Z, Wang J. Low-rate tcp-targeted dos attack disrupts internet routing. In: Proc. of NDSS, 2007.
[38] Kent Stephen, Lynn Charles, Seo Karen. Secure Border Gateway Protocol (S-BGP). IEEE Journal on Selected Areas in Communication Special Issue on Network Security, 2000, 18(4):582-592.
[39] White Russ. Securing BGP through Secure Origin BGP. Internet Protocol Journal, 2003, 6(3):15-22.
[40] Kranakis E, Wan T, Oorschot PC. On Interdomain Routing Security and PrettySecure BGP (psBGP). ACM Trans. Information and System Security (TISSEC), 2007, 10(3):1-41.
[41] Smith B, Garcia-Luna-Aceves J. Securing the Border Gateway Routing Protocol. In: Proc. of the Global Internet, 1996.
[42]徐恪,熊勇强,吴建平.边界网关协议BGP-4的安全扩展.电子学报, 2002,30(2):271-273.
[43]胡湘江,朱培栋,龚正虎.SE-BGP:一种BGP安全机制.软件学报,2008,19(1):167-176.
[44] Internet Corporation for Assigned Names and Numbers. http://www.icann.org.
[45] Karlin J, Forrest S, Rexford J. Pretty good BGP: Improving BGP by Cautiously Adopting Routes. In: Proc. of the IEEE ICNP, 2006. 283-292.
[46] Subramanian L, Roth V, Stoica I, Shenker S, Katz RH. Listen and Whisper: Security Mechanisms for BGP. In: Proc. of the NSDI, 2004.
[47] Goodell Geoffrey, Aiello William, Griffin Timothy, Ioannidis John, McDaniel Patrick, Rubin Aviel. Working Around BGP: An Incremental Approach to Improving Security and Accuracy of Interdomain Routing. In: Proc. of NDSS, 2003.
[48]李琦,吴建平,徐明伟,徐恪.自治系统间的安全路由协议GesBGP.计算机学报,2009,32(3):506-515.
[49]谭晶,罗军舟,李伟,于枫.基于可信度的域间路由机制.计算机学报,2010,33(9):1763-1774.
[50] Renesys Corp. Real Time Monitoring of Global Internet Routing. http://www. renesys.com /services.html.
[51] http://bgp.potaroo.net/as1221/bgp-active.html.
[52] Wenping D, Peidong Z, Xicheng L. RouSSeau: A Monitoring System for Inter-domain Routing Security. In: Proc. of the CNSR, 2008.
[53]张宏科,董平,杨冬.新互联网体系理论及关键技术.中兴通讯技术,2008,14(1):17-20.
[54] RouteViews, http://www.routeviews.org/.
[55] Routing Information Service. http://www.ris.ripe.net/myasn.html.
[56] Colitti L, Battista G. D, Mariani F, Patrignani M, Pizzonia M. Visualizing Interdomain Routing with BGPlay. Journal of Graph Algorithms and Applications, 2005, 9(1): 117-148.
[57] Lad M, Zhang L, Massey D. Link-Rank: A Graphical Tool for Capturing BGP Routing Dynamics. In: Proc. of the IEEE/IFIP NOMS, 2004
[58] PHAS: Prefix Hijack Alert System. http://phas.netsec.colostate.edu/stat.html.
[59] Cyclops, http://cyclops.cs.ucla.edu/.
[60] Cymru. Internet Security and Research Insight. http://www.team-cymru.org/.
[61] Zheng C, Ji L, Pei D, Wang J, Francis P. A Light-Weight Distributed Scheme for Detecting IP Prefix Hijacks in Real-Time. In: Proc. of the SIGCOMM, 2007.
[62] Zhang Z, Zhang Y, Hu Y, Mao Z, Bush R. iSPY: Detecting IP Prefix Hijacking on My Own. In: Proc. of the ACM SIGCOMM, 2008.
[63] Boothe P, Hiebert J, Bush R. How Prevalent is Prefix Hijacking on the Internet? In NANOG 36 meeting, 2006.
[64] Qiu J, Gao L, Ranjan S, Nucci A. Detecting Bogus BGP Route Information: Going Beyond Prefix Hijacking. In: Proc. of the 3rd International Conference on Security and Privacy in Communication Networks (SECURECOMM), 2007.
[65] Hu X, Mao Z. M. Accurate Real-time Identification of IP Prefix Hijacking. In: Proc. of the 2007 IEEE Symposium on Security and Privacy, 2007.
[66] Zhang Z, Zhang Y, Hu Y, Mao Z. Practical Defenses against BGP Prefix Hijacking. In: Proc. of the ACM CoNEXT, 2007.
[67] Faloutsos C, Faloutsos M, Faloutsos P. On Power-Law Relationships of the Internet Topology. In: Proc. of the ACM SIGCOMM, 1999.
[68] Mahadevan P, Krioukov D, Fomenkov M, Huffaker B, Dimitropoulos X, Claffy K, Vahdat A.. The Internet AS-Level Topology: Three Data Sources and One Definitive Metric. ACM SIGCOMM Computer Communication Review, 2006, 36(1): 17-26.
[69]周苗,杨家海,刘洪波,吴建平.Internet网络拓扑建模.软件学报,2009,20(1):109-123.
[70] Li L, Alderson D, Willinger W, Doyle J, Tanaka R, Low S. A First Principles Approach to Understanding the Internet’s Router-level Topology. In: Proc. of the ACM SIGCOMM, 2004.
[71] Oliveira R, Zhang B, Zhang L. Observing the Evolution of Internet AS Topology. ACM SIGCOMM Computer Communication Review, 2007, 37(4): 313-324.
[72] Albert R, Jeong H, Barabási L. Error and Attack Tolerance of Complex Networks. Nature, 2000, 406: 378-382.
[73] Doyle J, Anderson D, Li L, Low S, Roughan M, Shalunov S, Tanaka R, Willinger W, The“Robust Yet Fragile”Nature of the Internet. In: Proc. of the National Academy of Sciences of the United States of America, 2005.
[74] Cohen R, Erez K, Avraham D, Havlin S. Resilience of the Internet to Random Breakdowns. Phys. Rev. Lett, 2000, 85(21):4626-4628.
[75] Cohen R, Erez K, Avraham D. Breakdown of the Internet under Intentional Attack. Phys. Rev. Lett, 2001, 86(16):3682-3685.
[76] Motter A. E, Lai Y. C. Cascade-Based Attacks on Complex Networks. Phys. Rev. E, 2002, 66, 065102.
[77] Zhao L, Park K, Lai Y. C. Attack Vulnerability of Scale-Free Networks due to Cascading Breakdown. Phys. Rev. E, 2004, 70: 035101.
[78] Simonsen I, Buzna L, Peters K, Bornholdt S, Helbing D. Transient Dynamics Increasing Network Vulnerability to Cascading Failures. Phys. Rev. Lett, 2008, 100: 218701.
[79] Coffman E, Ge Z, Misra V, Towsley D. Network Resilience: Exploring Cascading Failures within BGP. In: Proc. of the Allerton Conference on Communication, Control and Computing, 2002.
[80] Demetriusa L, Manke T. Robustness and Network Evolution: An Entropic Principle. Physica A, 2005, 346: 682–696.
[81] Jamakovic A, Uhlig S. On the Relationships between Topological Measures in Real-World Networks. Networks and Heterogeneous Media, 2008, 3(2): 345–359.
[82] Shargel B, Sayama H, Epstein I. R, Bar-Yam Y. Optimization of robustness and connectivity in complex networks. Phys. Rev. Lett, 2003, 90(6):068701.
[83] Paul G, Tanizawa T, Havlin S, Stanley H. Optimization of robustness of complex networks. Eur. Phys. J. B, 2004, 38 (2): 187-191.
[84] Valente A, Sarkar A, Stone H. A. Two-peak and three-peak optimal complex networks. Phys. Rev. Lett, 2004, 92 (11): 118702.
[85] Wang B, Tang H. W, Guo C, Xiu Z. Entropy Optimization of Scale-free Networks Robustness to Random Failures. Physica A, 2005, 363: 591-596.
[86] Schneider C. M, Moreira A. A, Andrade J. S, Jr, Havlin S, Herrmann H. J. Onion-like Network Topology Enhances Robustness against Malicious Attacks. Journal of Statistical Mechanics: Theory and Experiment, 2011, 2011(01): P01027.
[87]李德毅,于全,江光杰.C3I系统可靠性、抗毁性和抗干扰的统一评测.系统工程理论与实践,1997,17(3):23-27.
[88]谭跃进,吴俊,邓宏钟.复杂网络中节点重要度评估的节点收缩方法.系统工程理论与实践,2006,26(11):79-83.
[89]邓宏钟,吴俊,李勇.双层小世界网络中的级联失效模型与分析.计算机仿真, 2008,25(10):150-152.
[90] Wang W, Chen G. Universal robustness characteristic of weighted networks against cascading failure. Phys. Rev. E, 2008, 77: 026101.
[91]张国强,张国清,范晶.中国大陆AS级拓扑的测量与分析.通信学报,2007,28(10): 92-101.
[92]张宇,方滨兴,张宏莉.中国AS级拓扑测量与分析.计算机学报.2008,31(4):611-619.
[93] Wu J, Gao Z, Sun H. Cascade and breakdown in scale-free networks withcommunity structure. Phys. Rev. E, 2006, 74: 066111.
[94]张俊良.复杂网络可靠性研究.硕士学位论文,大连理工大学,2006.
[95]刘全龙.复杂网络可靠性研究.硕士学位论文,北京邮电大学,2007.
[96] Wu J, Zhang Y, Mao Z. M, Shin K. G. Internet Routing Resilience to Failures: Analysis and Implications. In: Proc. of the CoNEXT, 2007.
[97] Zhao X, Zhang B, Terzis A, Massey D, Zhang L. The Impact of Link Failure Location on Routing Dynamics: A Formal Analysis. In: Proc. of the ACM SIGCOMM Asia Workshop, 2005.
[98] Dolev D, Jamin S, Mokryn O, Shavitt Y. Internet resiliency to attacks and failures under BGP policy routing. Computer Networks, 2006, 50: 3183–3196.
[99] Erlebach T, Hall A, Moonen L, Panconesi A, Spieksma F, Vukadinovic D. Robustness of the Internet at the Topology and Routing Level. Lecture Notes in Computer Science, vol. 4028, 2006.
[100] Lad M, Zhao X, Zhang B, Massey D, Zhang L. Analysis of BGP Update Surge during Slammer Worm Attack. In: Proc. of 6th International Workshop on Distributed Computing, 2003.
[101] Pei D, Zhang L, Massey D. A Framework for Resilient Internet Routing Protocols. IEEE Network, 2004, 4(1): 1-36.
[102] Sriram K, Borchert O, Kim O, Gleichmann P, Montgomery D. A Comparative Analysis of BGP Anomaly Detection and Robustness Algorithms. In: Proc. of the Cybersecurity Applications & Technology Conference for Homeland Security, 2009.
[103] Yang X, Wetherall D, Anderson T. Source Selectable Path Diversity via Routing Deflection. In: Proc. of the ACM SIGCOMM, 2006.
[104] Lakshminarayanan K, Caesar M, Rangan M, Anderson T, Shenker S, and Stoica I. Achieving Convergence-Free Routing Using Failure-Carrying Packets. In: Proc. of the ACM SIGCOMM, 2007.
[105] Xu W, Rexford J. MIRO: Multi-Path Interdomain Routing. In: Proc. of the ACM SIGCOMM, 2006.
[106] Wang H, Yang Y. R, Liu P, Wang J, Gerber A, Greenberg A. Reliability as an Interdomain Service. In: Proc. of the ACM SIGCOMM, 2007.
[107] Andersen D, Balakrishnan H, Kaashoek M, Morris R. Resilient Overlay Networks. In: Proc. of the OSDI, 2001.
[108] Sato Yasuhiro, Ata Shingo, Oka Ikuo. A Strategic Approach for Re-organizing the Internet Topology by Applying Social Behavior Dynamics. J Netw Syst Manage, 2009, 17:208–229.
[109] Meyer D, Schmitz J, Orange C, Prior M, Alaettinoglu C. Using RPSL in Practice. IETF RFC 2650, 1999.
[110] Alaettinoglu A, Villamizar C, Gerich E, Kessens D, Meyer D, Bates T, Karrenberg D, Terpstra. M. Routing Policy Specification Language (RPSL). IETF RFC 2622, 1999.
[111] RIPE RIS. http://http://www.ripe.net/ris/.
[112] Huffaker B. CAIDA AS Ranking Project. http://www.caida.org/analysis /topology/rank_as/. 2006.
[113] AquaLab, http://aqualab.cs.northwestern.edu/projects/SidewalkEnds.html.
[114] Fuller V, Li T. Classless Inter-Domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan. IETF RFC 4632, 2006.
[115] Beijnum I. BGP: Building Reliable Networks with the Border Gateway Protocol. O'Reilly, 2002.
[116] Goldberg S, Halevi S, Jaggard A, Ramachandran V, Wright R. Rationality and Traffic Attraction: Incentives for Honest Path Announcements in BGP. In: Proc. of the ACM Sigcomm, 2008.
[117] Baker F. Requirements for IP Version 4 Routers. IETF RFC 1812, 1995.
[118] Labovitz C, Johnson S, McPherson D, Oberheide J, Jahanian F. Internet Inter-Domain Traffic. In: Proc. of the ACM Sigcomm, 2010.
[119] Feldmann A, Maennel O, Mao Z, Maggs B. Locating Internet Routing Instability. In: Proc. of ACM SIGCOMM, 2004.
[120] Kushman N, Kandula S, Katabi D, Maggs B. RBGP: Staying connected in a connected world. In: Proc. of NSDI, 2007.
[121] Motiwala M, Elmore M, Feamster N, Vempala S. Path splicing. ACM SIGCOMM Computer Communication Review, 2008, 38(4): 27–38.
[122] Godfrey P, Ganichev I, Shenker S, Stoica I. Pathlet routing. In: Proc. of ACM SIGCOMM, 2004.
[123] Huang S, Xu Y, Zhang L. Study of network survivability based on multi-path routing mechanism. Science in China Series F-Information Sciences, 2008, 51(11): 1898-1907.
[124] Gao R, Dovrolis C, Zegura E. Interdomain Ingress Traffic Engineering through Optimized AS-Path Prepending. In: Proc. of IFIP Networking, 2005.
[125] Shimbel A. Structural Parameters of Communication Networks. Bulletin of Mathematical Biophysics, 1953, 15: 501-507.
[126] Freeman L. A Set of Measures of Centrality based on Betweenness. Sociometry, 1977, 40:35-41.
[127] Luckie M, Hyun Y, Huffaker B. Traceroute Probe Method and Forward IP Path Inference. In: Proc. of the IMC, 2008
[128] Mao Z. M, Rexford J, Wang J, Katz R. Towards an Accurate AS-Level Traceroute Tool. In: Proc. of the ACM SIGCOMM, 2003.
[129] He Y, Faloutsos M, Krishnamurthy S, Huffaker B. On Routing Asymmetry in theInternet. In: Proc. of the Globecom, 2005.
[130] Bassett E, Madhyastha H, Adhikari V, Scott C. Reverse Traceroute. In: Proc. of the NSDI, 2010.
[131] Qiu J, Gao L. AS Path Inference by Exploiting Known AS Paths. In: Proc. of the IEEE Globecom, 2006.
[132] Mao Z, Qiu L, Wang J, Zhang Y. On AS-Level Path Inference. In: Proc. of the ACM Sigmetrics, 2005.
[133]杨国强,窦文华.一种计算因特网AS拓扑的最短路径的快速算法.计算机研究与发展,2009,46(11):1797-1802.
[134] Wang F, Gao L. On Inferring and Characterizing Internet Routing Policies. In: Proc. of the ACM IMC, 2003.
[135] Gao L, Rexford J. Stable Internet Routing without Global Coordination. IEEE/ACM Trans. Networking, 2001, 9: 681-692.
[136] Kind A, Bauer D, Dechouniotis D, Dimitropoulos X. Valley-free Shortest Path Method. International Business Machines Corporation, New York, 2009.
[137] Zadeh L. Fuzzy Sets. Information and Control, 8(3), 1965.
[138] Rexford J, Wang J, Xiao Z, Zhang Y, BGP Routing Stabilityof Popular Destinations. In: Proc. of the IMW, 2002.
[139] Boothe P, Hiebert J, Bush R. Short-Lived Prefix Hijacking on the Internet. In: NANOG 36 meeting, 2006.
[140] Mahajan R, Wetherall D, Anderson T. Understanding BGP Misconfiguration. In: Proc. of the ACM SIGCOMM, 2002.
[141] YouTube Hijacking: A RIPE NCC RIS case study. http://www.ripe.net /internet-coordination/news/industry-developments/youtube-hijacking-a-ripe-ncc-ris-case-study.
[142] BGPmon. BGP Prefix hijack by AS16735. http://bgpmon.net/blog/?p=80.
[143] Cowie J, Ogielski A, Premore B. J, Yuan Y. Global routing instabilities triggered by Code Red II and Nimda worm attacks. Tech. Rep, Renesys Corporation, 2001.
[144] Deshpande S, Thottan M, Sikdar B. Early Detection of BGP Instabilities Resulting from Internet Worm Attacks. In: Proc. of the IEEE GLOBECOM, 2004.
[145] Chang D, Govindan R, Heidemann J. An Empirical Study of Router Response to Large BGP Routing Table Load. Tech. Rep, ISI-TR-2001-552, USC/Information Sciences Institute, 2001.
[146] Cisco Systems. Troubleshooting High CPU Caused by the BGP Scanner or BGP Router Process. Document ID: 45620, 2003.
[147] Agarwal S, Chuah C, Bhattacharyya S, Diot C. Impact of BGP Dynamic on Router CPU Utilization. In: Proc. of the PAM, 2004.
[148] Quagga Routing Suite. http://www.quagga.net/.
[149]汪小帆,李翔,陈关荣.复杂网络理论及其应用.清华大学出版社,2006.
[150] Motter A, Nishikawa T, Lai Y. Cascade-Based Attacks on Complex Networks. Phys. Rev. E, 2002, 66: 065102(R).
[151] Moreno Y, Gómez J, Pacheco A. Instability of Scale-Free Networks under Node-Breaking Avalanches. Europhys. Lett, 2002, 58(4): 630-636.
[152] Asavathiratham C. The Influence Model: a Tractable Representation for the Dynamoics of Networked Markov Chains. Elec. Eng. And Comp. Sci. Dept, MIT, 2000.
[153] Bak P, Tang C, Wiesenfeld K. Self-Organized Criticality: an Explanation of the 1/f Noise. Phys. Rev. Lett, 1987, 59: 381-384.
[154] Dobson I, Chen J, Thop J, Carreras B, Newman D. Examining Criticality of Blackouts in Power System Models with Cascadeing Events. In: Proc. the of Hawaii Inernational Conference on System Sciences, 2002.
[155] Dobson I, Carreras B A, Newman D E. A Probabilistic Loading-Dependent Model of Cascadeing Failure and Possible Implications for Blackouts. In: Proc. of the Hawaii Inernational Conference on System Sciences, 2003.
[156] Villamizar C, Chandra R, Govindan R. Route Flab Damping. IETF RFC 2439, 1998.
[157] Kaeo M. Current Operational Security Practices in Internet Service Provider Environments. IETF RFC 4778, 2007.
[158] Sangli S, Chen E, Fernando R, Scudder J, Rekhter Y. Graceful Restart Mechanism for BGP, IETF RFC 4724, 2007.
[159] SSFNET. http://www.ssfnet.org/bgp/doc/.
[160] C-BGP, http://cbgp.info.ucl.ac.be/.
[161] Erlebach T, Hall A, Panconesi A, Vukadinovic D. Cuts and Disjoint Paths in the Valley-Free Path Model. Internet Mathematics, 2007, 3 (3): 333–360.
[162] Erlebach T, Moonen L S, Spieksma F C R, Vukadinovic D. Connectivity Measures for Internet Topologies on the Level of Autonomous Systems. Operations Research, 2009, 57 (4): 1006–1025.
[163] Cheriyan J, Thurimella R. Fast Algorithms for k-Shredders and k-Node Connectivity Augmentation. J. Algorithms, 1999, 33(1): 15-50.
[164] Bush R, Maennel O, Roughan M, Uhlig S. Internet Optometry: Assessing the Broken Glasses in Internet Reachability. In: Proc. of the ACM IMC, 2009.
[165] Oliveira R, Pei D, Willinger W, Zhang B, Zhang L. The (In)Completeness of the observed Internet AS-Level Structure. IEEE/ACM Trans. Networking, 2010, 18: 109–122.
[166] Menger K. Zur allgemeinem Kurventheorie. Fund. Math, 1927, 10: 96-115.
[167] Khuller S, Naor J. Flow in Planar Graphs with Vertex Capacities, Algorithmica, 1994, 11: 200-225.
[168] Cormen T, Leiserson C, Rivest R, Stein C. Introduction to Algorithms (2nd Edition). MIT Press and McGraw-Hill, 2001.
[169] Lawler E. Combinatorial Optimization: Networks and Matroids. Dover, 2001, 117–120.
[170] Kleinberg J, Tardos E. Algorithm Design. Addison Wesley, 2006.
[171] Liao Y, Gao L, Guerin R, Zhang Z. Safe Interdomain Routing under Diverse Commercial Aggreements. To appear in IEEE/ACM Trans. Networking, 2010, 18 (6): 1829-1840.