SCIENTIA SINICA Informationis, Volume 47 , Issue 12 : 1715-1729(2017) https://doi.org/10.1360/N112016-00259

Research on cascading failure attack and detection of inner-domain routing system

More info
  • ReceivedNov 8, 2016
  • AcceptedApr 5, 2017
  • PublishedJul 24, 2017


Attacks aiming at the vulnerabilities of a BGP self-adaptation mechanism may lead to a cascading failure of the routers, and the inter-domain routing system may even crash. The safety monitoring technologies of existing inter-domain routing systems cannot efficiently detect an attack because the attack flows and updates are practically valid. This is becoming an important and difficult research topic in the field of network security. In this paper, we first analyze the attack methods that may give rise to a cascading failure of an inter-domain routing system, propose a two-stage attack model of BGP cascading failure attacks, and extract the features and onset time of each attack stage. We then classify and elaborate on the current detection approaches, and evaluate them comprehensively from the perspectives of real-time implementation, accuracy, and cost. Finally, the current research issues are described and possible directions for future research are suggested.

Funded by



[1] Schuchard M, Thompson C, Hopper N, et al. Taking Routers off Their Meds: Unstable Routers and the Buggy BGP Implementations That Cause Them. UMN CS Technical Report 11-030. 2012. Google Scholar

[2] Deng W P, Zhu P D, Lu X C, et al. On evaluating BGP routing stress attack. J Commun, 2010, 5: 13--22. Google Scholar

[3] Schuchard M, Mohaisen A, Foo K D, et al. Losing control of the internet: using the data plane to attack the control plane. In: Proceedings of the Network and Distributed System Security Symposium (NDSS 2011), San Diego, 2010. 726--728. Google Scholar

[4] Li H S, Zhu J H, Qiu H, et al. The new threat to internet: DNP attack with the attacking flows strategizing technology. Int J Commun Syst, 2014, 28: 1126--1139. Google Scholar

[5] Zhang Y, Mao Z M, Wang J. Low-rate tcp-targeted DoS attack disrupts internet routing. In: Proceedings of the 14th Annual Network & Distributed System Security Symposium (NDSS 2007), San Diego, 2007. Google Scholar

[6] Bright P. Can a DDoS break the Internet? Sure... just not all of it. Ars Technica (April 2, 2013). http://arstechnica.com/security/2013/04/can-a-ddos-break-the-internet-sure-just-not-all-of-it/. Google Scholar

[7] Osterweil E, Amante S, McPherson D. TASRS: Towards a Secure Routing System Through Internet Number Resource Certification. Verisign Labs Technical Report 1130009. 2013. Google Scholar

[8] Guo Y, Wang Z X. An immune-theory-based model for monitoring inter-domain routing system. Sci China Inf Sci, 2012, 55: 2358--2368. Google Scholar

[9] Liu X, Wang X Q, Zhu P D, et al. Security evaluation for interdomain routing system in the Internet. J Comput Res Dev, 2009, 46: 1669--1677. Google Scholar

[10] Guo Y, Zhu J H, Wang Z X, et al. A multi-characteristics-based method for evaluating the security situation of inter-domain routing nodes. Sci Sin Inform, 2014, 44: 527--536. Google Scholar

[11] Guo Y, Duan H X, Chen J, et al. MAF-SAM: an effective method to perceive data plane threats of inter domain routing system. Comput Netw, 2016, 110: 69--78. Google Scholar

[12] Kuzmanovic A, Knightly E W. Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants. In: Proceedings of ACM SIGCOMM 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, Karlsruhe, 2003. 75--86. Google Scholar

[13] Qiu H, Li Y, Li H, et al. One-to-any command and control model: precisely coordinated operation on uncooperative controlled nodes. Wuhan Univ Natural Sci, 2015, 20: 490--498. Google Scholar

[14] Hoque N, Bhattacharyya D, Kalita J. Botnet in DDoS attacks: trends and challenges. IEEE Commun Surv Tut, 2015, 17: 2242--2270. Google Scholar

[15] Wu Z J, Lan M, Wang M H, et al. Research on time synchronization and flow aggregation in LDDoS attack based on cross-correlation. In: Proceedings of IEEE International Conference on Trust, Security and Privacy in Computing and Communications. Washington: IEEE Computer Society, 2012. 25--32. Google Scholar

[16] Li H S, Zhu J H, Wang Q X, et al. LAAEM: a method to enhance LDoS attack. IEEE Commun Lett, 2016, 20: 708--711. Google Scholar

[17] Zhang C, Cai Z, Chen W, et al. Flow level detection and filtering of low-rate DDoS. Comput Netw Int J Comput Telecommun Netw, 2012, 56: 3417--3431. Google Scholar

[18] Jasmina O, Javier M, Piet V M. Network protection against worms and cascading failures using modularity partitioning. In: Proceedings of the 22nd International Teletraffic Congress, Amsterdam, 2010. 1--8. Google Scholar

[19] Wang L, Saranu M, Gottlieb J M, et al. Understanding BGP session failures in a large ISP. In: Proceedings of the 26th IEEE International Conference on Computer Communications, Barcelona, 2007. 348--356. Google Scholar

[20] Kotzanikolaou P, Theoharidou M, Gritzalis D. Cascading effects of common-cause failures in critical infrastructures. In: Proceedings of International Conference on Critical Infrastructure Protection VII. Berlin: Springer, 2013. 171--182. Google Scholar

[21] Hu Q L, Peng W, Chen X, et al. MFT2-BGP: achieving disruption-free inter-domain routing protocol using multiple forwarding trees. Chin J Comput, 2012, 35: 2023--2036. Google Scholar

[22] Hu Q L. Research on key survivability technologies of inter-domain routing protocol. Dissertation for Ph.D. Degree. Changsha: National University of Defense Technology, 2010. Google Scholar

[23] Guo Y, Wang Z X. A cascading failure model for inter-domain routing system, Int J Commun Syst, 2012, 25: 1068--1076. Google Scholar

[24] Wang Y, Wang Z X, Zhang L C, et al. Situation assessment model for inter-domain routing system. IET Softw, 2013, 8: 53--61. Google Scholar

[25] Liu Y, Peng W, Su J, et al. Assessing survivability of inter-domain routing system under cascading failures. In: Frontiers in Internet Technologies. Berlin: Springer, 2013. 97--108. Google Scholar

[26] Liu Y, Peng W, Su J, et al. Assessing the impact of cascading failures on the interdomain routing system of the Internet. New Generation Comput, 2014, 32: 237--255. Google Scholar

[27] Yang B, Zhang Y, Lu Y. A new methods for cascading failures analysis in inter-domain routing system. In: Proceedings of the 5th International Conference on Instrumentation & Measurement, Qinhuangdao, 2015. 382--385. Google Scholar

[28] Zheng H, Chen S, Liang Y. How the cyber weapon “Digital Ordnance works and its precautionary measures. J Comput Res, 2012, s2: 69--73. Google Scholar

[29] Jing Q L. Design and implementation of interdomain routing security monitoring system. Dissertation for Masters Degree. Beijing: Capital Normal University, 2014. Google Scholar

[30] Li C X. Research on key technologies for inter-domain routing survivability. Dissertation for Ph.D. Degree. Beijing: Beijing University of Posts and Telecommunications, 2015. Google Scholar

[31] Wen K, Yang J H, Zhang B.Survey on research and progress of low-rate denial of service attacks. J Softw, 2014, 25: 591--605. Google Scholar

[32] Xiang Y, Li K, Zhou W. Low-rate DDoS attacks detection and traceback by using new information metrics. IEEE Trans Inf Forens Secur, 2011, 6: 426--437. Google Scholar

[33] Ain A, Bhuyan M H, Bhattacharyya D K, et al. Rank correlation for low-rate DDoS attack detection: an empirical evaluation. Int J Netw Secur, 2016, 18. Google Scholar

[34] Wu Z J, Li G, Yue M. Detecting low-rate DoS attacks based on signal cross-correlation. ACTA Electron Sin, 2014, 42: 1760--1766. Google Scholar

[35] Mehmet S. A new metric for flow-level filtering of low-rate DDoS attacks. Secur Commun Netw, 2015, 8: 3815--3825. Google Scholar

[36] Hoque N, Bhattacharyya D K, Kalita J K. FFSc: a novel measure for low-rate and high-rate DDoS attack detection using multivariate data analysis. Secur Commun Netw, 2016, 9: 2032--2041. Google Scholar

[37] Kang M S, Gligor V D, Sekar V. SPIFFY: inducing cost-detectability tradeoffs for persistent link-flooding attacks. In: Proceedings of Network and Distributed System Security Symposium (NDSS16), San Diego, 2016. Google Scholar

[38] Yin H, Sheng B, Wang H. Securing BGP through keychain-based signatures. In: Proceedings of the 15th IEEE International Workshop on Quality of Service, Evanston, 2007. 154--163. Google Scholar

[39] Kim E, Nahrstedt K, Xiao L, et al. Identity-based registry for secure inter-domain routing. In: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, Taipei, 2006. 321--331. Google Scholar

[40] Feamster N, Jung J, Balakrishnan H. An empirical study of bogon route advertisements. ACM SIGCOMM Comput Commun Rev, 2005, 35: 63--70. Google Scholar

[41] Thaler D G, Ravishankar C V. An architecture for inter-domain troubleshooting. J Netw Syst Manag, 1997, 12: 516--523. Google Scholar

[42] Wu J. Passive inter-domain routing monitor based on routing interaction. In: Proceedings of the 6th IEEE International Conference on Computer and Information Technology. Washington: IEEE Computer Society, 2006. 104. Google Scholar

[43] Goodell G, Aiello W, Griffin T, et al. Working around BGP: an incremental approach to improving security and accuracy of inter-domain routing. In: Proceedings of the Network and Distributed System Security Symposium, San Diego, 2002. 75--85. Google Scholar

[44] Wang L, Xia T B, Seberry J. Inter-domain routing validator based spoofing defense system. In: Proceedings of 2010 IEEE International Conference on Intelligence and Security Informatics, Vancouver, 2010. 153--155. Google Scholar

[45] Guo Y, Wang Z X, Liu H S, et al. A cooperation-based mechanism for detecting AS_PATH validity. J Comput Res Dev, 2012, 49: 96--103. Google Scholar

[46] Kang M S, Lee S B, Gligor V D. The crossfire attack. In: Proceedings of IEEE Symposium on Security and Privacy, Berkeley, 2013. 127--141. Google Scholar

[47] Papadimitriou D, Careglio D, Tarissan F, et al. Internet routing paths stability model and relation to forwarding paths. In: Proceedings of the 9th International Conference on the Design of Reliable Communication Networks, Budapest, 2013. 8875: 20--27. Google Scholar

[48] Xia N, Li W, Luo J Z, et al. A routing node behavior algorithm based on fluctuation type. Chin J Comput, 2014, 37: 326--334. Google Scholar

[49] Zhang W, Bi J, Wu J P, et al. Catching popular prefixes as AS border router with a prediction based method. Comput Netw, 2012, 56: 1486--1502. Google Scholar

[50] Siaterlis C, Garcia A P, Genge B. On the use of emulab testbeds for scientifically rigorous experiments. IEEE Commun Surv Tutor, 2013, 15: 929--942. Google Scholar