The behaviors of the Inter-domain Routing (IDR) System are becoming rather complicated with the rapid development of the Internet. Security incidents in IDR system have attracted extensive attention among people. This paper proposes a rule-based monitoring framework to secure IDR System, in which the rules can be used to effectively detect anomalous routes and possible attacks. Unlike GADRs, SADRs were defined according to some Internet models that are behavior-models represented by large numbers of normal routes. Furthermore the construction of the Internet Hierarchy Model and ISP Commercial Relationships Model were studied, and methods based on these models were developed to detect hidden route anomalies or attacks. ISP-Health, the prototype of such a monitoring system supported by the above-mentioned framework, was implemented, and its capabilities were exhibited at last.