Research and implementation of reputation-based inter-domain routing selection mechanism

被引：0

作者：

Zhao S. ^{[1
]}

Huang X. ^{[1
]}

Zhong Z. ^{[1
]}

机构：

[1] School of Computer Science, Beijing University of Posts and Telecommunications, Beijing

来源：

Tongxin Xuebao/Journal on Communications | 2023年 / 44卷 / 06期

基金：

国家重点研发计划;

关键词：

border gateway protocol; network security; reputation mechanism; routing selection mechanism;

D O I：

10.11959/j.issn.1000-436x.2023114

中图分类号：

学科分类号：

摘要：

To solve the problem of lack of validation for exchanging messages in BGP, a inter-domain routing mechanism, which consisted of a reputation evaluation mechanism and a reputation-based BGP optimal routing algorithm, was proposed.The reputation evaluation mechanism used a distributed autonomous system (AS) alliance architecture, which divided node routing behavior in detail. The service domain and observation weight were used as indicators to quantify the impact of node behavior. By designing a feedback mechanism, the reputation value not only reflected the good and bad of nodes, but also reflected the node’s resistance to malicious attacks. The reputation-based BGP routing selection algorithm adds a “security” policy to the existing routing selection algorithm by filtering routes containing low-reputation nodes and selecting the best route among high reputation routes. The experimental results show that the proposed mechanism outperform most existing reputation mechanisms by avoiding routes with vulnerable nodes and restraining the propagation of illegal routes, thereby providing a more secure inter-domain routing environment. © 2023 Editorial Board of Journal on Communications. All rights reserved.

引用

页码：47 / 56

页数：9

共 24 条

[1] REKHTER Y, LI T, HARES S., A border gateway protocol 4(BGP-4), (2006)
[2] WANG N, DU X H, WANG W J, Et al., A survey of the border gateway protocol security, Chinese Journal of Computers, 40, 7, pp. 1626-1648, (2017)
[3] HUDAIB A A Z, HUDAIB E A Z., DNS advanced attacks and analysis, International Journal of Computer Science and Security (IJCSS), 8, 2, (2014)
[4] MIRKOVIC J, REIHER P., A taxonomy of DDoS attack and DDoS defense mechanisms, ACM SIGCOMM Computer Communication Review, 34, 2, pp. 39-53, (2004)
[5] CONTI M, DRAGONI N, LESYK V., A survey of man in the middle attacks, IEEE Communications Surveys & Tutorials, 18, 3, pp. 2027-2051, (2016)
[6] HUSTON G, MICHAELSON G., Validation of route origination using the resource certificate public key infrastructure (PKI) and route origin authorizations (ROAs), (2012)
[7] KENT S, LYNN C, SEO K., Secure border gateway protocol (S-BGP), Proceedings of IEEE Journal on Selected Areas in Communications, pp. 582-592, (2002)
[8] WHITE R., Architecture and deployment considerations for secure origin BGP (soBGP), (2006)
[9] WHITE R., Securing BGP through secure origin BGP (soBGP), Business Communications Review, 33, 5, (2003)
[10] LEPINSKI M, SRIRAM K., BGPsec protocol specification, (2017)

← 1 2 3 →