Detecting Internet-Scale Traffic Redirection Attacks Using Latent Class Models

  • Ana SubtilEmail author
  • M. Rosário Oliveira
  • Rui Valadas
  • Antonio Pacheco
  • Paulo Salvador
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 942)


Traffic redirection attacks based on BGP route hijacking has been an increasing concern in Internet security worldwide. This paper addresses the statistical detection of traffic redirection attacks based on the RTT data collected by a network of probes spread all around the world. Specifically, we use a Latent Class Model to combine the decisions of individual probes on whether an Internet site is being attacked, and use supervised learning methods to perform the probe decisions. We evaluate the methods in a large number of scenarios, and compare them with an empirically adjusted heuristic. Our method achieves very good performance, superior to the heuristic one. Moreover, we provide a comprehensive analysis of the merits of the Latent Class Model approach.


Traffic redirection attack BGP security Statistical learning Latent Class Model 



This research was supported by Instituto de Telecomunicações, Centro de Matemática Computacional e Estocástica, and Fundação Nacional para a Ciência e Tecnologia, through projects PTDC/EEI-TEL/5708/2014, UID/EEA/50008/2013, and UID/Multi/04621/2013. A. Subtil was funded by the FCT grant SFRH/BD/69793/2010.


  1. 1.
    Ballani, H., Francis, P., Zhang, X.: A study of prefix hijacking and interception in the internet. ACM SIGCOMM CCR 37(4), 265–276 (2007). Scholar
  2. 2.
    Butler, K., Farley, T., McDaniel, P., Rexford, J.: A survey of BGP security issues and solutions. Proc. IEEE 98(1), 100–122 (2010)CrossRefGoogle Scholar
  3. 3.
    Cimpanu, C.: DNS Poisoning or BGP Hijacking Suspected Behind Trezor Wallet Phishing Incident. Bleeping Computer News (2018).
  4. 4.
    Cowie, J.: The New Threat: Targeted Internet Traffic Misdirection. Blog - Renesys- The Internet Intelligence Authority (2013).
  5. 5.
    Goodman, L.A.: Analyzing Qualitative/Categorical Data: Log-linear Models and Latent Structure Analysis. Abt Books, Cambridge (1978)zbMATHGoogle Scholar
  6. 6.
    Huston, G., Rossi, M., Armitage, G.: Securing BGP - a literature survey. IEEE Commun. Surv. Tutor. 13(2), 199–222 (2011)CrossRefGoogle Scholar
  7. 7.
    Liu, Y., Luo, X., Chang, R., Su, J.: Characterizing inter-domain rerouting by betweenness centrality after disruptive events. IEEE J. Sel. Areas Commun. 31, 1147–1157 (2013)CrossRefGoogle Scholar
  8. 8.
    Madory, D.: BGP/DNS Hijacks Target Payment Systems. Oracle+Dyn Blog (2018).
  9. 9.
    Murphy, S.: BGP Security Vulnerabilities Analysis, RFC 4272 (Informational). Internet Engineering Task Force (2006)Google Scholar
  10. 10.
    Pilosov, A., Kapela, T.: Stealing the internet - an internet-scale man in the middle attack. In: DEFCON 16 (2008)Google Scholar
  11. 11.
    R Core Team: R: A Language and Environment for Statistical Computing. R Foundation for Statistical Computing, Vienna, Austria (2018).
  12. 12.
    Rekhter, Y., Li, T., Hares, S.: A Border Gateway Protocol 4 (BGP-4), RFC 4271(Draft Standard). Internet Engineering Task Force (2006).
  13. 13.
    Salvador, P., Nogueira, A.: Customer-side detection of internet-scale traffic redirection. In: 2014 16th International Telecommunications Network Strategy and Planning Symposium, pp. 1–5 (2014).
  14. 14.
    Trevor, H., Robert, T., Friedman, J.H.: The Elements of Statistical Learning: Data Mining, Inference, and Prediction. Springer, Heidelberg (2009)zbMATHGoogle Scholar
  15. 15.
    Zhang, Z., Zhang, Y., Hu, Y.C., Mao, Z.M., Bush, R.: iSPY: detecting IP prefix hijacking on my own. IEEE/ACM Trans. Netw. 18(6), 1815–1828 (2010)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Ana Subtil
    • 1
    Email author
  • M. Rosário Oliveira
    • 2
  • Rui Valadas
    • 1
  • Antonio Pacheco
    • 1
  • Paulo Salvador
    • 3
  1. 1.Instituto de Telecomunicações and Instituto Superior TécnicoUniversidade de LisboaLisbonPortugal
  2. 2.CEMAT and Instituto Superior TécnicoUniversidade de LisboaLisbonPortugal
  3. 3.Instituto de Telecomunicações and DETIUniversidade de AveiroAveiroPortugal

Personalised recommendations