{"title":"基于 MOAS 事件特征的 BGP 前缀劫持检测算法","authors":"Kaiyu Chen","doi":"10.1117/12.3032047","DOIUrl":null,"url":null,"abstract":"Border Gateway Protocol (BGP) is the Internet standard inter-domain routing protocol, has become an important infrastructure of the Internet. Due to the limitation of the initial design, BGP prefix hijacking is a kind of BGP security problem that needs to be solved urgently. This paper proposes a BGP prefix hijack detection algorithm based on Multiple Origin AS (MOAS) event feature, discovering and restoring MOAS events from BGP packets, and creating an event matrix for MOAS events based on the changes of source AS observed from different observation points over time. According to the MOAS event matrix, the eigenvalue of the event is calculated from the perspective of the overall probability of the event and the local visibility of the observation point. Finally, the characteristic value of the MOAS event is compared with the exception event threshold to determine whether the event is an exception event, and then the BGP prefix hijacking is found. Compared with the prefix hijacking detection algorithm based on source AS validity, the detection results of this algorithm have higher accuracy. This method is more practical in detecting prefix hijacking according to the characteristics of the event itself.","PeriodicalId":198425,"journal":{"name":"Other Conferences","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"BGP prefix hijack detection algorithm based on MOAS event feature\",\"authors\":\"Kaiyu Chen\",\"doi\":\"10.1117/12.3032047\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Border Gateway Protocol (BGP) is the Internet standard inter-domain routing protocol, has become an important infrastructure of the Internet. Due to the limitation of the initial design, BGP prefix hijacking is a kind of BGP security problem that needs to be solved urgently. This paper proposes a BGP prefix hijack detection algorithm based on Multiple Origin AS (MOAS) event feature, discovering and restoring MOAS events from BGP packets, and creating an event matrix for MOAS events based on the changes of source AS observed from different observation points over time. According to the MOAS event matrix, the eigenvalue of the event is calculated from the perspective of the overall probability of the event and the local visibility of the observation point. Finally, the characteristic value of the MOAS event is compared with the exception event threshold to determine whether the event is an exception event, and then the BGP prefix hijacking is found. Compared with the prefix hijacking detection algorithm based on source AS validity, the detection results of this algorithm have higher accuracy. This method is more practical in detecting prefix hijacking according to the characteristics of the event itself.\",\"PeriodicalId\":198425,\"journal\":{\"name\":\"Other Conferences\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-06-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Other Conferences\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1117/12.3032047\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Other Conferences","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1117/12.3032047","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
BGP prefix hijack detection algorithm based on MOAS event feature
Border Gateway Protocol (BGP) is the Internet standard inter-domain routing protocol, has become an important infrastructure of the Internet. Due to the limitation of the initial design, BGP prefix hijacking is a kind of BGP security problem that needs to be solved urgently. This paper proposes a BGP prefix hijack detection algorithm based on Multiple Origin AS (MOAS) event feature, discovering and restoring MOAS events from BGP packets, and creating an event matrix for MOAS events based on the changes of source AS observed from different observation points over time. According to the MOAS event matrix, the eigenvalue of the event is calculated from the perspective of the overall probability of the event and the local visibility of the observation point. Finally, the characteristic value of the MOAS event is compared with the exception event threshold to determine whether the event is an exception event, and then the BGP prefix hijacking is found. Compared with the prefix hijacking detection algorithm based on source AS validity, the detection results of this algorithm have higher accuracy. This method is more practical in detecting prefix hijacking according to the characteristics of the event itself.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
