基于深度学习的BGP路由系统安全监测技术研究

The development of deep learning technology and the steady growth of achievable routing data brings a new research opportunities to BGP routing system behavior analysis. However, relevant researchers, especially domestic researchers, have not focused on the researches based on the deep learning techniques on perspective of network security monitoring, which makes the existing routing system security event detection methods inefficient. This project will closely focus on the three keys to BGP routing system security monitoring: data collection and evaluation, routing behavior simulation, and routing security detection; take the high-frequency simulation of BGP routing system behavior as our core scientific pursuit; and study BGP routing system security monitoring methods and technologies based on deep learning technology to achieve high-availability, high-precision BGP routing system monitoring. We will strives to make breakthroughs in the theory models and methods of BGP routing system security monitoring. Our achievement would provide technical support for domestic related network operation industries community, provide theoretical basis for the decisions of Chinese network supervision departments, and provide direction guide for Chinese military's strategic resource layout. So that we can contribute to prosperous of the our nation's network technology industry, maintenance of the domestic cyber space security, and the safeguard of the national cyberspace sovereignty.

深度学习技术的发展和可收集路由数据的稳步增长给BGP路由系统行为分析带来了新的研究契机。然而目前相关研究并没有从网络安全监测的角度开展基于深度学习技术的研究，致使路由系统安全事件检测方法效率较差。本项目将紧扣BGP路由系统安全监测的三个关键环节：数据采集和评价、路由行为模拟、路由安全检测，以高精度模拟BGP路由系统行为为核心追求，基于深度学习技术研究BGP路由系统进行安全监测方法与技术，实现高可用、高精度的BGP路由系统监管。项目力争在BGP路由系统安全监测理论模型和方法两个方面取得突破。为国内网络运营相关产业提供技术支撑、为我国网络监管部门进行方案决策提供理论依据、为我国军队布局国家网络战备资源提供方向指引，进而为繁荣国家网络技术产业、维护国内网络空间安全秩序、保障国家网络空间主权不受侵犯提供坚实基础。

本项目针对BGP路由系统的模拟和安全事件诊断问题开展研究，通过对路由转播轨迹进行图结构抽象和学习，构建网络模型用以识别BGP路由团体属性、BGP路由决策、BGP安全事件，分别提出了：1）基于BGP路由转发轨迹识别路由团体属性方法；2）融合前缀信息，同时结合团体属性信息的泛化路由决策模型；3）基于网络靶场的BGP路由系统模拟技术；4）基于图卷积模型、图采样聚合模型和图注意力网络模型的路由泄漏检测方法。基于本项目成果，可有效优化利用现有BGP开源数据，提升BGP路由决策过程模拟精度，使能BGP路由系统模拟，识别BGP路由安全事件，进而提升了我国在BGP路由系统安全方面的技术支撑能力。