Abstract:
For lack of effective security mechanism, the inter-domain routing system of the Internet, based on the border gateway protocol (BGP), faces serious security threats. Although many current researchers have conducted exhaustive research regarding the routing security problem of the BGP routing system in the Internet, few people quantify its security situation. Moreover, Internet network operators do need useful information to perceive the security status of their autonomous systems. In order to solve the problem, the authors analyze the hierarchical characteristics of the Internets inter-domain routing system, and propose a security evaluation model which makes use of anomalous BGP routes. Based on the route status tree exploited from hierarchical characteristics implicated in the BGP routing system, the model can describe the hierarchical relationship of various routing entities in it, store and record the security states of routes for every routing entity. Finally, the model can compute the routing security state of every entity according to the detected anomalous BGP routes. The experimental results show that the model can assess the security threat status of BGP routers, autonomous systems and the inter-domain routing system all together, and can provide valuable, intuitional curve for Internet network operators. The model has been applied to the BGP monitoring system.