Detecting IP prefix hijacking using data reduction-based and Binary Search Algorithm

Hussain Alshamrani, B. Ghita, David Lancaster
Published in: 2015 Internet Technologies and Applications (ITA), 2015-09-01. DOI: https://doi.org/10.1109/ITECHA.2015.7317374
Citations: 2

Abstract

In spite of significant ongoing research, the Border Gateway Protocol (BGP) still encompasses conceptual vulnerability issues regarding impersonating the ownership of IP prefixes for ASes (Autonomous Systems). In this context, a number of research studies have focused on securing BGP through historical-based and statistical-based behavioural models. This paper proposes a novel algorithm aiming to track the behaviour of BGP edge routers and detect IP prefix hijacks based on a typical signature. The algorithm parses the BGP advertisements in order to detect the apparent relocation of specific IP prefixes, either in the same or in different regions. The algorithm aims to identify IP prefixes by multiple independent ASes. The method differs from routing consistency monitoring, which faces difficulties detecting events at the edge of the BGP infrastructure. Based on the RIRs' database, the algorithm can detect national and cross-border IP prefix hijacks very quickly. However, 5 results out of 16 were not accurate; therefore, the algorithm has some false positives and needs further improvement in future work.