• 中国计算机学会会刊
  • 中国科技核心期刊
  • 中文核心期刊

J4 ›› 2006, Vol. 28 ›› Issue (5): 5-7.

• 论文 • 上一篇    下一篇

下一代互联网域间路由安全:威胁与对策

米强[1] 杜秀春[2] 蔡开裕[2] 刘欣[2]   

  • 出版日期:2006-05-01 发布日期:2010-05-20

  • Online:2006-05-01 Published:2010-05-20

摘要:

基于BGP的域间路由系统是下一代互联网的关键基础设施.本文系统地分析了下一代互联网域间路由系统的脆弱性,建立了下一代互联网域间路由的攻击模型对各种攻击目标和 攻击方式进行描述,并从多个层次对BGP-4和BGP4+的安全能力进行分析与比较.此外,我们给出了路由攻击检测系统方案,该方法可有效实现域间路由系统的安全控制

关键词: 域间路由 下一代互联网 安全 攻击检测

Abstract:

The BGP-based inter-domain routing system is the infrastructure of NGI (Next Generation Interact). There ore serious security threats in the BGP rou ting system.This paper first analyzes the vulnerability of the inter-domain routing system of NGI, presents an attack model towards inter-domain routing   which describes certain attack goals and various attack modes, and compares between BGP-4 and BGP4+ on security capabilities in view of the protocol  hierarchy. We propose a detection scheme for routing attacks, which can effectively achieve the inter-domain routing security of NGL.

Key words: inter-domain routing, NGI (Next Generation Internet), security, routing attack detection