Abstract
In this paper, a BGP hijack detection mechanism is presented. The proposed methodology is utterly unsupervised and no assumptions are made whatsoever, but it is developed upon the extraction of two novel features related to the frequency of appearance and the geographic deviation of each intermediate AS towards a given destination country. The technique is tested under a real-world case of BGP hijack and the efficiency of the features and the corresponding proximity measures is assessed. It is proven that the proposed approach is capable of decisively capturing such events of malicious routing path anomalies.
This work has been partially supported by the European Commission through project FP7-ICT-257495-VIS-SENSE funded by the seventh framework program. The opinions expressed in this paper are those of the authors and do not necessarily reflect the views of the European Commission.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Rekhter, Y., Li, T.: A border gateway protocol 4 (bgp-4). IETF RFC 1771. http://www.ietf.org/rfc/rfc1771.txt
Sriram, K., Borchert, O., Kim, O., Gleichmann, P., Montgomery, D.: A comparative analysis of bgp anomaly detection and robustness algorithms. In: Proceedings of the CATCH ’09, (March 2009)
Ballani, H., Francis, P., Zhang, X.: A study of prefix hijacking and interception in the internet. In: Proceedings of the SIGCOMM ’07, Kyoto (2007)
Gao, L.: On inferring autonomous system relationships in the internet. IEEE/ACM Trans. Netw. 9(6), 733–745 (2001)
Deshpande, S., Thottan, M., Ho, T.K., Sikdar, B.: An online mechanism for bgp instability detection and analysis. IEEE Trans. Comput. 58(11), 3296–3304 (2009)
Zhang, K., Yen, A., Zhao, X., Massey, D., Felix Wu, S., Zhang, L.: On detection of anomalous routing dynamics in bgp. Lecture Notes in Computer Science. Springer, Berlin (2004)
Li, J., Dou, D., Wu, Z., Kim, S., Agarwal, V.: An internet routing forensics framework for discovering rules of abnormal bgp events. In: Proceedings of the SIGCOMM ’05, (Oct. 2005)
de Urbina Cazenave, I., Kosluk, E., Ganiz, M.: An anomaly detection framework for bgp. In: Proceedings of the INISTA ’11, (June 2011)
Lad, M., Massey, D., Pei, D., Wu, Y., Zhang, B., Zhang, L.: PHAS: A prefix hijack alert system. USENIX Security Symposium, In (2006)
Qiu, J., Gao, L., Ranjan, S., Nucci, A.: Detecting bogus bgp route information: going beyond prefix hijacking. In: Proceedings of the SecureComm ’07, (Sept. 2007)
Xiang, Y., Wang, Z., Yin, X., Wu, J.: Argus: An accurate and agile system to detecting ip prefix hijacking. In: Proceedings of the IEEE ICNP ’11, (Oct. 2011)
RIPE NCC. http://www.ripe.net/datatools/stats/ris/ris-raw-data
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag London
About this paper
Cite this paper
Theodoridis, G., Tsigkas, O., Tzovaras, D. (2013). A Novel Unsupervised Method for Securing BGP Against Routing Hijacks. In: Gelenbe, E., Lent, R. (eds) Computer and Information Sciences III. Springer, London. https://doi.org/10.1007/978-1-4471-4594-3_3
Download citation
DOI: https://doi.org/10.1007/978-1-4471-4594-3_3
Published:
Publisher Name: Springer, London
Print ISBN: 978-1-4471-4593-6
Online ISBN: 978-1-4471-4594-3
eBook Packages: EngineeringEngineering (R0)