This project addresses the link flooding attack (LFA), a threat that has recently drawn attention from the network security community. It aims to develop theoretical and technical methods for coping with this large-scale threat and to improve the protection of critical Internet backbone link infrastructure. An LFA targets links: after surveying routes, a botnet sends massive pre-designed flows across the target link to congest it. Networks near the victim link are thereby paralyzed indirectly, without directly observing any attack traffic, which makes LFA disruptive, indirect and stealthy. At the same time, large-scale networks have complex routing and a huge number of links, any of which could be attacked, so it is hard to deploy detection in advance. Timely, accurate and comprehensive monitoring of link state across a large-scale network is therefore the key first step in the emergency response to LFA. To perceive link state efficiently at scale and in turn deal with LFA effectively, this project takes the new features of LFA into account and proposes randomized dynamic (proactive) security patrolling in response to practical challenges: complex networks with a huge number of links, limited monitoring resources, and the blind spots left by statically monitoring specific links. To this end it addresses several key scientific problems, including evaluation of link structure and dependence, mining of attack and defense strategies and the game between them, and generation of optimal randomized patrolling strategies.
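To perceive link state efficiently at scale and in turn respond effectively to the link flooding attack (LFA), this project took the new characteristics of LFA into account and, facing the large-scale complexity of network link security, proposed the research approach of "randomized proactive security patrolling of large-scale network links". It focused on the scientific theory and methods this approach entails: acquiring and evaluating attack and defense information, mining attack and defense strategies and generating optimal randomized patrolling strategies based on game theory, and attack diagnosis and localization based on opportunistic measurement. It also carried out test applications on target network links. The project produced 14 representative results in total: 7 representative papers, 4 national invention patent applications, and 3 other related honors. These results answer the main research objectives and questions set for the project. The core results were published in high-level international journals and conferences including IEEE Transactions on Information Forensics and Security, IEEE Transactions on Dependable and Secure Computing, Information Sciences, IEEE INFOCOM and IEEE Intelligent Systems.

The main academic contributions are:

(1) LFA detection in large-scale complex networks was formalized as a Stackelberg security game, with a leader-follower model of the defender and the attacker. A mixed patrol strategy (Mixed-Defense Strategy) was proposed, and forward-looking patrol strategies were designed for the different cases of how much of the defender's strategy the attacker knows.

(2) Optimal randomized patrol strategies were designed to maximize the defender's payoff. Based on an analysis of attacker rationality, models of the attacker's response to the patrol strategy were built, comprising two models: greedy response and quantal response.

(3) Mixed-integer linear programming, binary search, piecewise-linear approximation and similar techniques were used to solve the randomized patrol strategy optimization problem, which is nonlinear and non-convex. Practical experiments compared the optimized strategy with patrol strategies such as uniform defense (Uniform-Defense Strategy) and best defense (Best-Defense Strategy).

(4) A BGP routing mechanism was proposed that takes both technical and economic feasibility into account. Based on a VCG incentive-design model, an attack-traffic rerouting strategy compatible with existing BGP routing was designed, so that after an attack occurs, different operators are effectively incentivized to share attack information promptly and to mitigate the attack cooperatively.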
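The patrol game described in contributions (1) to (3), as an added Python example that is not the project's own code: binary search finds the mixed patrol strategy that minimizes a greedy attacker's best payoff, compared against uniform defense. It assumes a zero-sum game, a patrolled link that yields the attacker nothing, and constructed link names and values.

```python
# Added illustration: zero-sum Stackelberg patrol game over network links.
# Link names and values are constructed; this is not the project's model or data.

LINK_VALUE = {"core-A": 10.0, "core-B": 6.0, "edge-C": 3.0, "edge-D": 1.0}

def attacker_payoff(value, coverage):
    """Expected attacker gain on a link patrolled with probability `coverage`.
    Assumption: flooding a patrolled link is detected and gains nothing."""
    return value * (1.0 - coverage)

def coverage_for_level(values, u):
    """Least coverage per link so that no link pays the attacker more than u."""
    return {link: max(0.0, 1.0 - u / v) for link, v in values.items()}

def optimal_patrol(values, resources, tol=1e-9):
    """Binary-search the lowest attacker payoff u the defender can enforce
    when the coverage probabilities must sum to at most `resources`."""
    lo, hi = 0.0, max(values.values())
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if sum(coverage_for_level(values, mid).values()) <= resources:
            hi = mid   # feasible: try to push the attacker lower
        else:
            lo = mid   # infeasible: not enough patrols for this level
    return coverage_for_level(values, hi), hi

def uniform_patrol(values, resources):
    """Baseline: spread the patrol budget evenly over all links."""
    c = min(1.0, resources / len(values))
    return {link: c for link in values}

def greedy_response(values, coverage):
    """Fully rational attacker who has observed the patrol strategy:
    returns (link, expected payoff) for the most profitable link."""
    link = max(values, key=lambda l: attacker_payoff(values[l], coverage[l]))
    return link, attacker_payoff(values[link], coverage[link])

if __name__ == "__main__":
    for name, cov in (("uniform", uniform_patrol(LINK_VALUE, 1)),
                      ("optimal", optimal_patrol(LINK_VALUE, 1)[0])):
        print(name, {k: round(v, 3) for k, v in cov.items()},
              greedy_response(LINK_VALUE, cov))
```

With one patrol unit, the optimized strategy concentrates coverage on the two most valuable links until the attacker is indifferent between them, while uniform coverage leaves the most valuable link as the clear best target.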
Data updated: 2023-05-31