标题:
基于绕行路径的聚类分析与异常检测Clustering Analysis and Anomaly Detection Based on the Detour Path
作者:
刘磊, 朱培栋, 闫爽, 富威
关键字:
BGP, 绕行路径, 聚类分析, 异常检测BGP, Detour Path, Clustering Analysis, Anomaly Detection
期刊名称:
《Software Engineering and Applications》, Vol.5 No.2, 2016-03-29
摘要:
本文对BGP路由中的绕行路径作了定义,通过观察路由表的AS_PATH属性,总结归纳了绕行路径的六种表现形式,即连续重复AS、环路、绕邻居AS、绕国、绕境、绕跨国企业。同时,对绕行路径的表现形式进行了聚类分析,并提出了基于绕行路径的连续重复AS、路由环路、国内流量外泄、路径伪造、路径篡改等异常路由检测方法。实验表明,本文所提方法能够有效检测异常路由行为,同时揭示了绕行路径的存在是使得网络流量传递平均最短路径变长的主要原因之一。
In this paper, the detour path is defined firstly. Through the observation of AS_PATH property of the routing table, we sum up the six forms of the detour path, i.e., continuously repeated AS, loop, around the neighbor AS, around the country, around the border and around the multinational company. Moreover, we did the clustering analysis of the manifestation of detour path and put forward the routing anomaly detection method based on the detour path. The method can detect the continuous repeated AS, routing loop, domestic traffic leaked, forged path, garbled path with such anomalies. Experiments show that the proposed method can effectively detect abnormal routing behavior and also suggest that one of the main reasons for the average shortest path of Internet traffic which becomes longer is the existence of the detour paths.