Key Technologies for Security Monitoring of the Inter-Domain Routing System
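Abstract
The BGP (Border Gateway Protocol)-based inter-domain routing system is critical infrastructure of the Internet. The Internet depends heavily on the inter-domain routing system not only for data forwarding performance but also for its topology, robustness, and security. Because BGP lacks the necessary security mechanisms, however, the inter-domain routing system faces increasingly serious security threats, and its security urgently needs to be improved in order to effectively protect the Internet's infrastructure and application functions.
     Security monitoring of the inter-domain routing system requires no modification of the BGP protocol; monitoring nodes can be adjusted incrementally according to user needs; deployment cost is low and scalability is high; and monitoring only a small number of core nodes is enough to greatly improve the overall security of the inter-domain routing system. This thesis studies security monitoring technologies for the inter-domain routing system, focusing on the key problems of BGP abnormal route detection, abnormal node identification, path authenticity verification, and security situation awareness. The main work includes:
     1. Studying the cascading failure problem of the inter-domain routing system and proposing a cascading failure model based on preferential load redistribution
     Cascading failures can occur in the inter-domain routing system, and once they do they severely damage the Internet's infrastructure. However, a complete and reasonable cascading failure model and a method for evaluating the scale of cascading failures are still lacking for the inter-domain routing system. Based on the preferential attachment characteristic of load redistribution after node failure, a cascading failure model for the inter-domain routing system, CFM, is proposed. The initial load and rated load of a node are defined as functions of the node's degree; the effect that load redistribution after a node failure has on neighboring nodes is analyzed on the basis of the preferential characteristic of BGP nodes; and the propagation mechanism and process of node failure are described by comparing the initial load, the redistributed load, and the rated load. Analysis and experimental results show that the mechanism and characteristics of cascading failure reflected by the model are consistent with the real environment, laying a foundation for further research on cascading failure prevention and control techniques.
     2. For inter-domain routing anomaly detection and abnormal node identification, proposing an anomaly detection model for the inter-domain routing system based on immune theory
     Existing security monitoring techniques for the inter-domain routing system suffer from high false-positive rates in anomaly detection and poor adaptability, and in particular lack an effective method for identifying abnormal nodes. Based on immune theory, an anomaly detection model for the inter-domain routing system, ITMM, is proposed. When detecting abnormal inter-domain routes, updated routes are first checked against the set of memory detector cells, which is small and has a high matching rate, and then against the set of mature detector cells, which improves detection efficiency. The inter-domain routing system is regarded as a cooperative recognition network composed of different BGP nodes that work in a distributed manner and can interact with one another, and mutual evaluation between nodes is then used to identify abnormal nodes. Experimental results show that the ITMM model can detect abnormal routes and identify abnormal nodes in the inter-domain routing system with high accuracy and strong adaptability.
     3. Because the authenticity of the AS_PATH attribute of update messages is difficult to determine, proposing an inter-domain routing path verification mechanism based on cooperative query
     When exchanging routing information, BGP nodes do not verify the authenticity of the AS_PATH attribute, so a malicious node can exert malicious influence on a specific autonomous domain by announcing forged routes. To address this, DAIR, a mechanism based on cooperative query for verifying the authenticity of inter-domain routing paths, is proposed. Participating nodes verify the authenticity of the AS_PATH attribute of update messages by querying global adjacency information and the adjacency information of peer nodes. Analysis and experimental results show that DAIR can effectively protect autonomous systems against AS_PATH forgery or tampering attacks, and that good results are obtained with the participation of only a small number of core nodes.
     4. Because the security status of the inter-domain routing system is difficult to evaluate in real time, proposing a security situation awareness method based on the cloud model
     Drawing on the cloud model's ability to convert between quantitative characteristics and qualitative concepts, CSSAM, a security situation awareness method for the inter-domain routing system, is proposed. Using attributes such as average path length and routing event frequency as security characteristics, it constructs a security characteristic cloud for the inter-domain routing system and then evaluates the system's security situation according to the degree to which the security characteristics deviate from their normal state. Experimental results show that CSSAM achieves both qualitative and quantitative awareness of the security situation of the inter-domain routing system, with high accuracy and strong real-time performance.
     5. Because nodes participating in cooperative monitoring of the inter-domain routing system lack motivation, proposing a game-based incentive strategy for cooperative monitoring
     The nodes participating in cooperative monitoring of the inter-domain routing system belong to different organizations, and there is no central management center. In such an environment some nodes will inevitably, out of self-interest, lack motivation during cooperative monitoring, either hiding part of their routing information or being unwilling to share it, which makes it difficult to obtain comprehensive and detailed routing monitoring information and reduces the usability of cooperative monitoring. The prisoner's dilemma model from game theory is used to analyze the behavior of cooperating nodes when they exchange routing monitoring information, and GTIS, an incentive strategy for cooperative monitoring of the inter-domain routing system, is then proposed. It uses a reputation status parameter to quantitatively describe a node's behavior and dynamically adjusts a node's reputation according to the strategy it chooses in information exchange; a "humane" punishment mechanism is introduced to punish opportunistic nodes in a differentiated way. Analysis and experimental results show that the GTIS strategy effectively motivates nodes to monitor cooperatively and significantly improves the success rate of information exchange.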
The BGP-based inter-domain routing system plays an important role in the Internet. Not only the performance of data forwarding, but also the topology, robustness, and security of the Internet rely heavily on the inter-domain routing system. However, BGP has some design flaws, which result in many serious security issues for the inter-domain routing system. Therefore, effective solutions to enhance the security of the inter-domain routing system are urgently needed.
     Security monitoring systems have been developed in recent years. These systems significantly enhance the security of the inter-domain routing system by deploying only a few monitoring nodes. Compared with previous approaches, they are cheaper and easier to deploy because there is no need to construct a public-key infrastructure or modify BGP. Although research into security monitoring has produced several results, some key problems remain to be resolved. For example, existing solutions cannot support the detection of abnormal inter-domain routes, nor can they recognize malicious BGP nodes. This thesis investigates security monitoring technologies for the inter-domain routing system. Its major contributions are as follows:
     Firstly, this thesis explores the cascading failure phenomenon of the inter-domain routing system, and then proposes a cascading failure model based on the preferential attachment characteristic of BGP nodes.
     Recent works have revealed that vulnerabilities in the inter-domain routing system could lead to cascading failures. Once this happens, the connectedness of the Internet will be severely damaged. It is therefore necessary to study the mechanism of cascading failure in the inter-domain routing system, and then propose a novel solution to avoid and control this problem. However, few works have studied the mechanism that produces cascading failure in the inter-domain routing system, especially the reason why different failure scenarios have different influences on the scale of cascading failure.
     On the basis of the preferential attachment characteristic, this thesis proposes a cascading failure model for the inter-domain routing system, which depicts the mechanism that produces cascading failure, and introduces two evaluation indicators, the proportion of failed nodes and the proportion of failed links, to assess the scale of cascading failure. Furthermore, this model is applied to two different cascading failure scenarios. Experimental results show that random failure has less influence on the inter-domain routing system, while its robustness against hostile attack is weak.
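A minimal load-redistribution cascade in the spirit of the model summarized above, as an added example that is not the thesis's CFM implementation. The load functions (`degree ** ALPHA`, rated load `(1 + BETA)` times initial load), the degree-proportional redistribution rule and the toy AS graph are all assumptions, since the abstract does not give them.

```python
# Added illustration of a degree-based cascading failure model.
# ALPHA, BETA, the redistribution rule and EDGES are assumptions, not the thesis's values.
from collections import defaultdict

ALPHA = 1.0  # assumption: initial load of node i = degree(i) ** ALPHA
BETA = 0.5   # assumption: rated load of node i = (1 + BETA) * initial load

# Constructed toy AS graph: a three-AS core (1, 2, 3) with stub ASes attached.
EDGES = [(1, 2), (1, 3), (2, 3),
         (1, 11), (1, 12), (1, 13), (1, 14),
         (2, 21), (2, 22), (3, 31)]


def build_adjacency(edges):
    """Undirected adjacency sets keyed by node id."""
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    return dict(adj)


def cascade(edges, seed, alpha=ALPHA, beta=BETA):
    """Fail `seed`, propagate overloads round by round, and return
    (proportion of failed nodes, proportion of failed links)."""
    adj = build_adjacency(edges)
    initial = {n: len(nbrs) ** alpha for n, nbrs in adj.items()}
    rated = {n: (1 + beta) * initial[n] for n in adj}
    load = dict(initial)
    failed, frontier = set(), [seed]
    while frontier:
        failed.update(frontier)
        overloaded = set()
        for node in frontier:
            # Surviving neighbours take over the failed node's load,
            # preferentially in proportion to their own degree-based load.
            alive = [n for n in adj[node] if n not in failed]
            weight = sum(initial[n] for n in alive)
            for n in alive:
                load[n] += load[node] * initial[n] / weight
                if load[n] > rated[n]:
                    overloaded.add(n)
        frontier = sorted(overloaded)
    # A link counts as failed when at least one endpoint has failed.
    failed_links = sum(1 for a, b in edges if a in failed or b in failed)
    return len(failed) / len(adj), failed_links / len(edges)


def compare_scenarios(edges):
    """Mean cascade size over every single-node failure versus failure of the
    highest-degree node, for assessing where extra capacity is needed."""
    adj = build_adjacency(edges)
    hub = max(adj, key=lambda n: len(adj[n]))
    per_seed = [cascade(edges, n)[0] for n in sorted(adj)]
    return {
        "hub": hub,
        "random_mean": sum(per_seed) / len(per_seed),
        "hub_failure": cascade(edges, hub)[0],
    }


if __name__ == "__main__":
    print(compare_scenarios(EDGES))
```

Raising `BETA` (more headroom between initial and rated load) is the knob that stops the hub failure from propagating in this toy graph.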
     Secondly, this thesis proposes a new model based on immune theory to monitor the inter-domain routing system.
     Existing solutions cannot support the detection of abnormal inter-domain routes, nor can they recognize malicious BGP nodes. Thus, a new model based on immune theory for monitoring the inter-domain routing system, termed ITMM, is proposed. The proposed model has greater ability to detect abnormal inter-domain routes and identify malicious nodes.
     Specifically, the anomaly detection borrows immunity mechanisms used to distinguish "self" from "non-self", such as immune memory and negative selection. Furthermore, based on dynamic immune network theory, a new method for identifying anomalous nodes is presented. In this way, the system can identify anomalous nodes through mutual evaluation between nodes. The experimental results confirm the method's ability to detect abnormal routes and identify anomalous nodes in the inter-domain routing system.
     Thirdly, this thesis proposes a new mechanism based on cooperative query to certify the AS_PATH attribute of BGP updates.
     In the process of exchanging routing information between BGP nodes, BGP does not certify the authenticity of that information. As a result, malicious nodes can announce special bogus routes at will to redirect traffic that should be forwarded to some node. However, there is no solution satisfying the requirements of real environments up to now.
     To address the above problem, DAIR, a new mechanism based on path authentication for anomaly detection, is proposed. It offers an efficient defensive method to prevent bogus AS_PATH attacks. In DAIR, every participant declares its peering links and makes use of the others' peering links to validate BGP routes. The experimental results show that even when only a minority of core nodes join DAIR, it achieves good results in preventing bogus AS_PATH attacks. Furthermore, this mechanism need not modify BGP, so it is easier to deploy and cheaper to implement.
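One way to check an AS_PATH against declared peering links, as described above; this is an added example, not DAIR's own code or message format. The `DECLARED_PEERS` table, the three-way verdict and the sample paths (documentation ASNs from RFC 5398) are constructed assumptions.

```python
# Added illustration of AS_PATH validation against declared peering links.
# Data structures and verdict names are assumptions, not taken from the thesis.
from itertools import groupby

# Constructed declarations from two participating core ASes.
# An AS without an entry does not participate and declares nothing.
DECLARED_PEERS = {
    64500: {64501, 64502, 64510},
    64501: {64500, 64502, 64511},
}


def collapse_prepending(as_path):
    """Drop consecutive duplicates so AS_PATH prepending is not treated as a link."""
    return [asn for asn, _ in groupby(as_path)]


def check_link(a, b, declared):
    """Classify the adjacency a-b using every participating endpoint's declaration."""
    answers = []
    for owner, other in ((a, b), (b, a)):
        if owner in declared:
            answers.append(other in declared[owner])
    if not answers:
        return "unknown"            # neither endpoint participates
    return "confirmed" if all(answers) else "contradicted"


def validate_as_path(as_path, declared=DECLARED_PEERS):
    """Return (verdict, links_by_status) for one AS_PATH.

    verdict is 'invalid' if any link contradicts a declaration, 'valid' if
    every link is confirmed, and 'unverified' otherwise.
    """
    if not as_path:
        raise ValueError("empty AS_PATH")
    hops = collapse_prepending(as_path)
    links = {"confirmed": [], "contradicted": [], "unknown": []}
    for a, b in zip(hops, hops[1:]):
        links[check_link(a, b, declared)].append((a, b))
    if links["contradicted"]:
        verdict = "invalid"
    elif links["unknown"] or not links["confirmed"]:
        verdict = "unverified"
    else:
        verdict = "valid"
    return verdict, links


if __name__ == "__main__":
    samples = {  # constructed AS_PATHs
        "genuine, with prepending": [64510, 64500, 64500, 64501, 64511],
        "link not declared by 64501": [64505, 64501, 64511],
        "no participant on path": [64510, 64505, 64506],
    }
    for label, path in samples.items():
        print(label, validate_as_path(path))
```

A path through non-participants is reported as `unverified` rather than rejected, which matches incremental deployment: coverage grows as more core ASes publish their adjacencies.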
     Fourthly, a cloud-model-based awareness method is proposed, which can evaluate the security status of the inter-domain routing system.
     Existing research evaluates the security status of the inter-domain routing system by analyzing and processing the set of abnormal routes. However, because the abnormal route set is difficult to collect and its completeness can hardly be ensured, those methods have not been widely accepted.
     Borrowing from Cloud Model theory the idea of transforming the values of quantitative characteristics into a qualitative concept, CSSAM, an awareness method for the inter-domain routing system, is proposed. It constructs a cloud model from a large number of numerical values of threat characteristics in the normal state, and then computes the threat probability of the system by measuring the degree to which the threat characteristics deviate from their norms. The experimental results show that this method has a good ability to sense the security situation of the inter-domain routing system.
     Finally, to enhance the success rate of information exchange between cooperative monitoring nodes, a game-theory-based incentive strategy is proposed.
     Cooperative monitoring, which supports incremental deployment and does not modify the BGP protocol, is a feasible way to improve the security of the BGP-based inter-domain routing system. However, the behavior of its participants is autonomous and changeable in pursuit of greater profit, which results in the cooperative network working with low efficiency.
     The above problem is depicted as a non-cooperative game, and based on game theory, GTIS, an incentive strategy for inter-domain routing cooperative monitoring, is proposed. In GTIS, the reputation status is used to describe the performance of a node in the cooperative network. It encourages nodes to choose positive and honest behavior strategies for greater, long-term benefits. At the same time, a "humane" punishment mechanism is developed to curb speculative nodes. If a node departs from normal behavior many times during its lifetime, its punishments are superimposed. In this way, "first offender" nodes and "recidivist" nodes can be effectively distinguished. Theoretical analysis and simulation results show that, with the GTIS strategy, cooperative nodes become positive and honest when exchanging routing information, so that the success rate of information exchange between nodes increases.
