logo

SCIENTIA SINICA Informationis, Volume 47 , Issue 12 : 1715-1729(2017) https://doi.org/10.1360/N112016-00259

Research on cascading failure attack and detection of inner-domain routing system

More info
  • ReceivedNov 8, 2016
  • AcceptedApr 5, 2017
  • PublishedJul 24, 2017

Abstract


Funded by

国家自然科学基金(61502528,61402525,61402526)


References

[1] Schuchard M, Thompson C, Hopper N, et al. Taking Routers off Their Meds: Unstable Routers and the Buggy BGP Implementations That Cause Them. UMN CS Technical Report 11-030. 2012. Google Scholar

[2] Deng W P, Zhu P D, Lu X C, et al. On evaluating BGP routing stress attack. J Commun, 2010, 5: 13--22. Google Scholar

[3] Schuchard M, Mohaisen A, Foo K D, et al. Losing control of the internet: using the data plane to attack the control plane. In: Proceedings of the Network and Distributed System Security Symposium (NDSS 2011), San Diego, 2010. 726--728. Google Scholar

[4] Li H S, Zhu J H, Qiu H, et al. The new threat to internet: DNP attack with the attacking flows strategizing technology. Int J Commun Syst, 2014, 28: 1126--1139. Google Scholar

[5] Zhang Y, Mao Z M, Wang J. Low-rate tcp-targeted DoS attack disrupts internet routing. In: Proceedings of the 14th Annual Network & Distributed System Security Symposium (NDSS 2007), San Diego, 2007. Google Scholar

[6] Bright P. Can a DDoS break the Internet? Sure... just not all of it. Ars Technica (April 2, 2013). http://arstechnica.com/security/2013/04/can-a-ddos-break-the-internet-sure-just-not-all-of-it/. Google Scholar

[7] Osterweil E, Amante S, McPherson D. TASRS: Towards a Secure Routing System Through Internet Number Resource Certification. Verisign Labs Technical Report 1130009. 2013. Google Scholar

[8] Guo Y, Wang Z X. An immune-theory-based model for monitoring inter-domain routing system. Sci China Inf Sci, 2012, 55: 2358--2368. Google Scholar

[9] Liu X, Wang X Q, Zhu P D, et al. Security evaluation for interdomain routing system in the Internet. J Comput Res Dev, 2009, 46: 1669--1677. Google Scholar

[10] Guo Y, Zhu J H, Wang Z X, et al. A multi-characteristics-based method for evaluating the security situation of inter-domain routing nodes. Sci Sin Inform, 2014, 44: 527--536. Google Scholar

[11] Guo Y, Duan H X, Chen J, et al. MAF-SAM: an effective method to perceive data plane threats of inter domain routing system. Comput Netw, 2016, 110: 69--78. Google Scholar

[12] Kuzmanovic A, Knightly E W. Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants. In: Proceedings of ACM SIGCOMM 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, Karlsruhe, 2003. 75--86. Google Scholar

[13] Qiu H, Li Y, Li H, et al. One-to-any command and control model: precisely coordinated operation on uncooperative controlled nodes. Wuhan Univ Natural Sci, 2015, 20: 490--498. Google Scholar

[14] Hoque N, Bhattacharyya D, Kalita J. Botnet in DDoS attacks: trends and challenges. IEEE Commun Surv Tut, 2015, 17: 2242--2270. Google Scholar

[15] Wu Z J, Lan M, Wang M H, et al. Research on time synchronization and flow aggregation in LDDoS attack based on cross-correlation. In: Proceedings of IEEE International Conference on Trust, Security and Privacy in Computing and Communications. Washington: IEEE Computer Society, 2012. 25--32. Google Scholar

[16] Li H S, Zhu J H, Wang Q X, et al. LAAEM: a method to enhance LDoS attack. IEEE Commun Lett, 2016, 20: 708--711. Google Scholar

[17] Zhang C, Cai Z, Chen W, et al. Flow level detection and filtering of low-rate DDoS. Comput Netw Int J Comput Telecommun Netw, 2012, 56: 3417--3431. Google Scholar

[18] Jasmina O, Javier M, Piet V M. Network protection against worms and cascading failures using modularity partitioning. In: Proceedings of the 22nd International Teletraffic Congress, Amsterdam, 2010. 1--8. Google Scholar

[19] Wang L, Saranu M, Gottlieb J M, et al. Understanding BGP session failures in a large ISP. In: Proceedings of the 26th IEEE International Conference on Computer Communications, Barcelona, 2007. 348--356. Google Scholar

[20] Kotzanikolaou P, Theoharidou M, Gritzalis D. Cascading effects of common-cause failures in critical infrastructures. In: Proceedings of International Conference on Critical Infrastructure Protection VII. Berlin: Springer, 2013. 171--182. Google Scholar

[21] Hu Q L, Peng W, Chen X, et al. MFT2-BGP: achieving disruption-free inter-domain routing protocol using multiple forwarding trees. Chin J Comput, 2012, 35: 2023--2036. Google Scholar

[22] Hu Q L. Research on key survivability technologies of inter-domain routing protocol. Dissertation for Ph.D. Degree. Changsha: National University of Defense Technology, 2010. Google Scholar

[23] Guo Y, Wang Z X. A cascading failure model for inter-domain routing system, Int J Commun Syst, 2012, 25: 1068--1076. Google Scholar

[24] Wang Y, Wang Z X, Zhang L C, et al. Situation assessment model for inter-domain routing system. IET Softw, 2013, 8: 53--61. Google Scholar

[25] Liu Y, Peng W, Su J, et al. Assessing survivability of inter-domain routing system under cascading failures. In: Frontiers in Internet Technologies. Berlin: Springer, 2013. 97--108. Google Scholar

[26] Liu Y, Peng W, Su J, et al. Assessing the impact of cascading failures on the interdomain routing system of the Internet. New Generation Comput, 2014, 32: 237--255. Google Scholar

[27] Yang B, Zhang Y, Lu Y. A new methods for cascading failures analysis in inter-domain routing system. In: Proceedings of the 5th International Conference on Instrumentation & Measurement, Qinhuangdao, 2015. 382--385. Google Scholar

[28] Zheng H, Chen S, Liang Y. How the cyber weapon “Digital Ordnance works and its precautionary measures. J Comput Res, 2012, s2: 69--73. Google Scholar

[29] Jing Q L. Design and implementation of interdomain routing security monitoring system. Dissertation for Masters Degree. Beijing: Capital Normal University, 2014. Google Scholar

[30] Li C X. Research on key technologies for inter-domain routing survivability. Dissertation for Ph.D. Degree. Beijing: Beijing University of Posts and Telecommunications, 2015. Google Scholar

[31] Wen K, Yang J H, Zhang B.Survey on research and progress of low-rate denial of service attacks. J Softw, 2014, 25: 591--605. Google Scholar

[32] Xiang Y, Li K, Zhou W. Low-rate DDoS attacks detection and traceback by using new information metrics. IEEE Trans Inf Forens Secur, 2011, 6: 426--437. Google Scholar

[33] Ain A, Bhuyan M H, Bhattacharyya D K, et al. Rank correlation for low-rate DDoS attack detection: an empirical evaluation. Int J Netw Secur, 2016, 18. Google Scholar

[34] Wu Z J, Li G, Yue M. Detecting low-rate DoS attacks based on signal cross-correlation. ACTA Electron Sin, 2014, 42: 1760--1766. Google Scholar

[35] Mehmet S. A new metric for flow-level filtering of low-rate DDoS attacks. Secur Commun Netw, 2015, 8: 3815--3825. Google Scholar

[36] Hoque N, Bhattacharyya D K, Kalita J K. FFSc: a novel measure for low-rate and high-rate DDoS attack detection using multivariate data analysis. Secur Commun Netw, 2016, 9: 2032--2041. Google Scholar

[37] Kang M S, Gligor V D, Sekar V. SPIFFY: inducing cost-detectability tradeoffs for persistent link-flooding attacks. In: Proceedings of Network and Distributed System Security Symposium (NDSS16), San Diego, 2016. Google Scholar

[38] Yin H, Sheng B, Wang H. Securing BGP through keychain-based signatures. In: Proceedings of the 15th IEEE International Workshop on Quality of Service, Evanston, 2007. 154--163. Google Scholar

[39] Kim E, Nahrstedt K, Xiao L, et al. Identity-based registry for secure inter-domain routing. In: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, Taipei, 2006. 321--331. Google Scholar

[40] Feamster N, Jung J, Balakrishnan H. An empirical study of bogon route advertisements. ACM SIGCOMM Comput Commun Rev, 2005, 35: 63--70. Google Scholar

[41] Thaler D G, Ravishankar C V. An architecture for inter-domain troubleshooting. J Netw Syst Manag, 1997, 12: 516--523. Google Scholar

[42] Wu J. Passive inter-domain routing monitor based on routing interaction. In: Proceedings of the 6th IEEE International Conference on Computer and Information Technology. Washington: IEEE Computer Society, 2006. 104. Google Scholar

[43] Goodell G, Aiello W, Griffin T, et al. Working around BGP: an incremental approach to improving security and accuracy of inter-domain routing. In: Proceedings of the Network and Distributed System Security Symposium, San Diego, 2002. 75--85. Google Scholar

[44] Wang L, Xia T B, Seberry J. Inter-domain routing validator based spoofing defense system. In: Proceedings of 2010 IEEE International Conference on Intelligence and Security Informatics, Vancouver, 2010. 153--155. Google Scholar

[45] Guo Y, Wang Z X, Liu H S, et al. A cooperation-based mechanism for detecting AS_PATH validity. J Comput Res Dev, 2012, 49: 96--103. Google Scholar

[46] Kang M S, Lee S B, Gligor V D. The crossfire attack. In: Proceedings of IEEE Symposium on Security and Privacy, Berkeley, 2013. 127--141. Google Scholar

[47] Papadimitriou D, Careglio D, Tarissan F, et al. Internet routing paths stability model and relation to forwarding paths. In: Proceedings of the 9th International Conference on the Design of Reliable Communication Networks, Budapest, 2013. 8875: 20--27. Google Scholar

[48] Xia N, Li W, Luo J Z, et al. A routing node behavior algorithm based on fluctuation type. Chin J Comput, 2014, 37: 326--334. Google Scholar

[49] Zhang W, Bi J, Wu J P, et al. Catching popular prefixes as AS border router with a prediction based method. Comput Netw, 2012, 56: 1486--1502. Google Scholar

[50] Siaterlis C, Garcia A P, Genge B. On the use of emulab testbeds for scientifically rigorous experiments. IEEE Commun Surv Tutor, 2013, 15: 929--942. Google Scholar