Detecting Internet-Scale Traffic Redirection Attacks Using Latent Class Models
Traffic redirection attacks based on BGP route hijacking has been an increasing concern in Internet security worldwide. This paper addresses the statistical detection of traffic redirection attacks based on the RTT data collected by a network of probes spread all around the world. Specifically, we use a Latent Class Model to combine the decisions of individual probes on whether an Internet site is being attacked, and use supervised learning methods to perform the probe decisions. We evaluate the methods in a large number of scenarios, and compare them with an empirically adjusted heuristic. Our method achieves very good performance, superior to the heuristic one. Moreover, we provide a comprehensive analysis of the merits of the Latent Class Model approach.
KeywordsTraffic redirection attack BGP security Statistical learning Latent Class Model
This research was supported by Instituto de Telecomunicações, Centro de Matemática Computacional e Estocástica, and Fundação Nacional para a Ciência e Tecnologia, through projects PTDC/EEI-TEL/5708/2014, UID/EEA/50008/2013, and UID/Multi/04621/2013. A. Subtil was funded by the FCT grant SFRH/BD/69793/2010.
- 3.Cimpanu, C.: DNS Poisoning or BGP Hijacking Suspected Behind Trezor Wallet Phishing Incident. Bleeping Computer News (2018). https://www.bleepingcomputer.com/news/security/dns-poisoning-or-bgp-hijacking-behind-trezor-wallet-phishing-incident/
- 4.Cowie, J.: The New Threat: Targeted Internet Traffic Misdirection. Blog - Renesys- The Internet Intelligence Authority (2013). http://www.renesys.com/2013/11/mitm-internet-hijacking/
- 8.Madory, D.: BGP/DNS Hijacks Target Payment Systems. Oracle+Dyn Blog (2018). https://dyn.com/blog/bgp-dns-hijacks-target-payment-systems/
- 9.Murphy, S.: BGP Security Vulnerabilities Analysis, RFC 4272 (Informational). Internet Engineering Task Force (2006)Google Scholar
- 10.Pilosov, A., Kapela, T.: Stealing the internet - an internet-scale man in the middle attack. In: DEFCON 16 (2008)Google Scholar
- 11.R Core Team: R: A Language and Environment for Statistical Computing. R Foundation for Statistical Computing, Vienna, Austria (2018). https://www.R-project.org/
- 12.Rekhter, Y., Li, T., Hares, S.: A Border Gateway Protocol 4 (BGP-4), RFC 4271(Draft Standard). Internet Engineering Task Force (2006). http://www.ietf.org/rfc/rfc4271.txt
- 13.Salvador, P., Nogueira, A.: Customer-side detection of internet-scale traffic redirection. In: 2014 16th International Telecommunications Network Strategy and Planning Symposium, pp. 1–5 (2014). https://doi.org/10.1109/NETWKS.2014.6958532