METHOD AND DEVICE FOR DETECTING BGP UNAUTHORIZED MESSAGE
PROBLEM TO BE SOLVED: To provide a method and device for detecting a BGP unauthorized message that facilitates detecting an unauthorized message, which has never been observed, and also an unauthorized message that has a feature value not greatly separated from that of a normal case. SOLUTION: A mes...
Gespeichert in:
| Hauptverfasser: | , , , |
|---|---|
| Format: | Patent |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | PROBLEM TO BE SOLVED: To provide a method and device for detecting a BGP unauthorized message that facilitates detecting an unauthorized message, which has never been observed, and also an unauthorized message that has a feature value not greatly separated from that of a normal case. SOLUTION: A message extraction unit 101 extracts an ANNOUNCE message from the BGP messages observed/collected by a BGP router AS 20. A fluctuation detection unit 102 includes: an attribute value extraction unit 102a for extracting an attribute value of an attribute described in a message; and a fluctuation extraction unit 102b for comparing the attribute described in the message including the same prefix as that observed before and after to extract fluctuation of the attribute value of the prefix. An unauthorized message detection unit 103 includes: a classification unit 103a for classifying the prefix, where the fluctuation of the attribute value has been detected, according to the attribute value after the fluctuation; and an estimation unit 103b for estimating a message having a specific attribute value after the fluctuation of the attribute as an unauthorized message, based on a classification result. COPYRIGHT: (C)2011,JPO&INPIT |
|---|