[Keywords]
[Abstract]
Route hijacking is one of the most severe security threats facing the current Internet inter-domain routing system (BGP), yet effective protection against it is still lacking. This paper defines an autonomous system's (AS's) immunity to route hijacking as the probability that the AS discovers the hijack on its own from BGP routing information, models that immunity, and gives a sufficient condition and a necessary condition for an AS to be self-immune together with an upper bound on the immunity. Experiments show that more than 80% of ASes have no immunity to route hijacking at all, and no more than 0.26% of ASes have immunity above 85%. Further analysis of the immunization process reveals the provider barrier phenomenon that causes this low immunity: providers prefer customer routes and thereby stop the hijacked route from propagating to the victim. To overcome the provider barrier and raise AS immunity, a cooperative monitoring mechanism is designed and a heuristic cooperator-selection strategy with low computational complexity is proposed. The mechanism requires no change to the BGP protocol and can be deployed incrementally. Experiments show that cooperating with only 25 autonomous systems raises immunity to route hijacking above 95%.
[Keywords]
[Abstract]
BGP hijacking is one of the most severe threats facing the current inter-domain routing system, yet effective countermeasures are still lacking. This paper models AS (autonomous system) level immunity to BGP hijacking as the probability that the victim AS learns the bogus route from its local BGP routing information, and presents a sufficient condition and a necessary condition for an AS to be immune in the presence of BGP hijacking, as well as an upper bound on that immunity. Evaluation results show that more than 80% of ASes have no immunity to BGP hijacking at all, and fewer than 0.26% of ASes have immunity higher than 85%. Further analysis pinpoints the root cause of such low immunity, the provider barrier: the victim AS's providers prefer customer routes and so prevent the bogus route from propagating to the victim. To tackle this barrier and improve AS-level immunity to BGP hijacking, this study designs a cooperation-based monitoring mechanism and proposes a lightweight heuristic approach by which each participant selects its AS cooperators. The proposed mechanism is fully compatible with BGP and is incrementally deployable. Experimental results show that by cooperating with only 25 carefully selected ASes, an AS can raise its immunity to 95%.
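The provider barrier and the cooperative remedy described in the abstract, as an added example that is not the paper's code: a small simulator of BGP route selection under the usual customer > peer > provider preference and valley-free export, run on a constructed topology with hypothetical AS names (V owns the prefix, H announces it too, P1 and P2 are their respective providers and peer with each other, T1 is a common upstream, C1 and C2 are other customers).

```python
# Added example, not the paper's code: a minimal BGP policy simulator that reproduces the
# "provider barrier" on a constructed topology (AS names and links are hypothetical).
PROVIDER_OF = {("T1", "P1"), ("T1", "P2"), ("P1", "V"), ("P1", "C1"), ("P2", "H"), ("P2", "C2")}
PEERS = {("P1", "P2")}
LINKS = PROVIDER_OF | PEERS
ASES = sorted({a for link in LINKS for a in link})
PREF = {None: 4, "customer": 3, "peer": 2, "provider": 1}  # None = locally originated route

def rel(a, b):
    """Relationship of neighbour b as seen from AS a."""
    if (a, b) in PROVIDER_OF: return "customer"
    if (b, a) in PROVIDER_OF: return "provider"
    if (a, b) in PEERS or (b, a) in PEERS: return "peer"
    raise ValueError(f"{a} and {b} are not adjacent")

def best(a, rib):
    """Best route in a's RIB: customer > peer > provider, then shortest AS path, then path order."""
    pref = lambda nbr: PREF[None if nbr is None else rel(a, nbr)]
    return min(rib[a].items(), key=lambda kv: (-pref(kv[0]), len(kv[1]), kv[1]), default=None)

def exports_to(a, learned_from, n):
    """Valley-free export: own/customer routes go to everyone, other routes only to customers."""
    return learned_from is None or rel(a, learned_from) == "customer" or rel(a, n) == "customer"

def simulate(origins):
    """Synchronous path-vector convergence; rib[as][neighbour] = AS path received from neighbour."""
    rib = {a: ({None: ()} if a in origins else {}) for a in ASES}  # origins announce the prefix
    changed = True
    while changed:
        changed = False
        for a in ASES:
            b = best(a, rib)
            for n in (x for x in ASES if x != a and {(a, x), (x, a)} & LINKS):
                path = (a,) + b[1] if b and exports_to(a, b[0], n) and n not in b[1] else None
                if rib[n].get(a) != path:      # announce, update or withdraw as needed
                    changed = True
                    if path is None: rib[n].pop(a, None)
                    else: rib[n][a] = path
    return rib

def sees_bogus(rib, a, hijacker):
    """True if any route in a's RIB, best or not, originates at the hijacker."""
    return any(p and p[-1] == hijacker for p in rib[a].values())
def detects(rib, victim, cooperators, hijacker):
    """Cooperative monitoring: caught if the victim or any cooperator sees the bogus route."""
    return any(sees_bogus(rib, a, hijacker) for a in [victim, *cooperators])

if __name__ == "__main__":
    rib = simulate(["V", "H"])   # V legitimately owns the prefix, H hijacks it
    for a in ASES:
        print(a, "best:", best(a, rib)[1] or "(own)", "sees bogus:", sees_bogus(rib, a, "H"))
    print("V alone:", detects(rib, "V", [], "H"), "| V + C2:", detects(rib, "V", ["C2"], "H"))
```

In this topology V's provider P1 receives the bogus route from its peer P2 but prefers its customer route to V and never passes the bogus route on, so V alone sees nothing; a cooperator under P2 (C2) or one holding the bogus route in its own RIB (T1, or P1 itself) exposes the hijack.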
[CLC number]
[Funding]
National Natural Science Foundation of China (61170285, 61100223); National Basic Research Program of China (973 Program) (2011CB302600)