Abstract
This paper presents a method for visualizing and analyzing Multiple Origin Autonomous System (MOAS) incidents in the Border Gateway Protocol (BGP), for the purpose of detecting concurrent prefix hijacks. Concurrent prefix hijacks happen when an unauthorized network originates prefixes that belong to multiple other networks. To identify such events accurately, multiple features are extracted from the BGP records and visualized using parallel coordinates enhanced with visual querying capabilities. The proposed visual queries enable the analyst to select a significant subset of the initial dataset for further analysis, based on the values of multiple features. This procedure allows for the efficient visual fusion of the proposed features and the accurate identification of prefix hijacks. Most previous approaches to BGP hijack detection depend on static methods to fuse the information from multiple features and identify anomalies. The proposed visual feature fusion, however, allows the human operator to incorporate expert knowledge into the analysis, so as to dynamically investigate the observed events and accurately identify anomalies. The efficiency of the proposed approach is demonstrated on state-of-the-art BGP events.
This work has been partially supported by the European Commission through the project FP7-ICT-317888-NEMESYS funded by the 7th framework program. The opinions expressed in this paper are those of the authors and do not necessarily reflect the views of the European Commission.
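The abstract's definition of a concurrent prefix hijack (one unauthorized origin appearing in MOAS conflicts on prefixes of several other networks) can be illustrated with a short sketch. This is an added example, not code from the paper or its authors, and it does not reproduce the paper's features or visual queries; the baseline table `EXPECTED_ORIGIN`, the `min_owners` threshold and all prefixes and AS numbers are constructed assumptions using documentation ranges.

```python
from collections import defaultdict

# Constructed sample data (documentation prefixes and ASNs, not real routes).
# EXPECTED_ORIGIN is an assumed baseline of which AS normally originates a prefix.
EXPECTED_ORIGIN = {
    "192.0.2.0/24": 64496,
    "198.51.100.0/24": 64497,
    "203.0.113.0/24": 64498,
    "2001:db8::/32": 64499,
}

# (prefix, origin AS) pairs as seen in BGP updates during one time window.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),
    ("192.0.2.0/24", 64511),     # second origin -> MOAS
    ("198.51.100.0/24", 64497),
    ("198.51.100.0/24", 64511),  # second origin -> MOAS
    ("203.0.113.0/24", 64498),
    ("203.0.113.0/24", 64511),   # second origin -> MOAS
    ("2001:db8::/32", 64499),
    ("2001:db8::/32", 64500),    # isolated MOAS, only one owner affected
]


def moas_prefixes(announcements):
    """Return {prefix: set(origin ASNs)} for prefixes with more than one origin."""
    origins = defaultdict(set)
    for prefix, asn in announcements:
        origins[prefix].add(asn)
    return {p: o for p, o in origins.items() if len(o) > 1}


def concurrent_suspects(announcements, expected, min_owners=2):
    """Map each unexpected origin AS to the distinct owner ASes it conflicts with,
    keeping only origins that conflict with at least `min_owners` owners."""
    victims = defaultdict(set)
    for prefix, asns in moas_prefixes(announcements).items():
        owner = expected.get(prefix)
        if owner is None:
            continue  # no baseline for this prefix, ownership cannot be attributed
        for asn in asns - {owner}:
            victims[asn].add(owner)
    return {a: o for a, o in victims.items() if len(o) >= min_owners}


if __name__ == "__main__":
    hits = concurrent_suspects(ANNOUNCEMENTS, EXPECTED_ORIGIN)
    for asn, owners in sorted(hits.items()):
        print(f"AS{asn} originates prefixes of {len(owners)} other networks: {sorted(owners)}")
```

A MOAS conflict alone is not evidence of a hijack (multihoming and anycast produce them legitimately), which is why the sketch only surfaces origins that collide with several distinct owners and leaves the judgement to the analyst.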
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Papadopoulos, S., Votis, K., Alexakos, C., Tzovaras, D. (2014). Feature Extraction and Visual Feature Fusion for the Detection of Concurrent Prefix Hijacks. In: Iliadis, L., Maglogiannis, I., Papadopoulos, H., Sioutas, S., Makris, C. (eds) Artificial Intelligence Applications and Innovations. AIAI 2014. IFIP Advances in Information and Communication Technology, vol 437. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44722-2_33
DOI: https://doi.org/10.1007/978-3-662-44722-2_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44721-5
Online ISBN: 978-3-662-44722-2
eBook Packages: Computer Science (R0)