IP Prefix Hijack Detection Using BGP Attack Signatures and Connectivity Tracking
Authors: Hussain Alshamrani, B. Ghita
Venue: 2016 International Conference on Software Networking (ICSN)
Publication date: 2016-05-23
DOI: 10.1109/ICSN.2016.7501926 (https://doi.org/10.1109/ICSN.2016.7501926)
Citation count: 5
In spite of significant ongoing research, the Border Gateway Protocol (BGP) still suffers from vulnerabilities, especially the impersonation of ownership of the IP prefixes of ASes (Autonomous Systems). In this context, a number of research studies have focused on securing BGP through historical-based and statistical-based behavioural models. This paper proposes a novel method to detect IP prefix hijacking incidents by tracking the behaviour of suspicious ASes. The detection method uses a signature-based technique as a pre-processing phase to separate suspicious announcements (BGP updates) from benign ones. From a processing perspective, the outputs of the signature-based algorithm are used as inputs to the detection method. Nine features are extracted from the AS path attributes of potentially suspicious ASes. The features are considered a combination of the behavioural characteristics of the routers in relation to their connectivity. Based on these features and the best five supervised learning classifiers, we identify the hijacks. Under different learning algorithms, the detection method detects the hijacks with high accuracy, especially with J48, which can detect the hijacks with 96%.