A light-weight distributed scheme for detecting ip prefix hijacks in real-time

Zheng, Changxi; JiLusheng,; Pei, Dan; WangJia,; FrancisPaul,

doi:10.1145/1282427.1282412

Cited by 67 publications

(61 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Both active traceroute-based anomaly detection techniques [15], [30] and passive RTT-based anomaly detection techniques [14] have been proposed. While we will focus on the use of passive measurements, we note that the approaches in general are fairly similar.…”

Section: E Route Anomaly Detection Using Passive Measurementsmentioning

confidence: 99%

“…While we will focus on the use of passive measurements, we note that the approaches in general are fairly similar. For example, Zheng et al [30] use changes in the number of hops in the traceroute paths to identify potential hijacks, while Hiran et al [14] use changes in the RTTs to identify potential anomalies.…”

Section: E Route Anomaly Detection Using Passive Measurementsmentioning

confidence: 99%

“…As described in Section II, this includes prefix hijack prevention mechanisms based on prefix filtering [3], [4], crypto-based solutions such as RPKI [21] and ROVER [8], hijack detection mechanisms based on changes in prefix origins observed in AS-PATH announcements (e.g., PHAS [20], PrefiSec [15], and PG-BGP [16]), and route hijack detection mechanisms using either passive RTT measurements [14] or active traceroute measurements [15], [30]. Rather than proposing new mechanisms, we evaluate the effectiveness of three broad classes of such mechanisms when they are only partially deployed.…”

Section: Related Workmentioning

confidence: 99%

“…Unfortunately, despite an increasing number of observed routing attack occurrences [1], [6], [12], [13], it has proven difficult to incentivize operators to invest in existing solutions [4], Active measurements ✗ ✗ ✓ ✓ Zheng et al [30], PrefiSec [15] and there is currently no universally deployed solution that prevents hijacking of Internet traffic by third parties [12]. For example, the deployment of crypto-based efforts [18], [21], [27] has been hampered by high deployment costs for network operators [4], [12].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Does scale, size, and locality matter? Evaluation of collaborative BGP security mechanisms

Hiran

Carlsson

Shahmehri

2016

2016 IFIP Networking Conference (IFIP Networking) and Workshops

View full text Add to dashboard Cite

Abstract-The Border Gateway Protocol (BGP) was not designed with security in mind and is vulnerable to many attacks, including prefix/subprefix hijacks, interception attacks, and imposture attacks. Despite many protocols having been proposed to detect or prevent such attacks, no solution has been widely deployed. Yet, the effectiveness of most proposals relies on largescale adoption and cooperation between many large Autonomous Systems (AS). In this paper we use measurement data to evaluate some promising, previously proposed techniques in cases where they are implemented by different subsets of ASes, and answer questions regarding which ASes need to collaborate, the importance of the locality and size of the participating ASes, and how many ASes are needed to achieve good efficiency when different subsets of ASes collaborate. For our evaluation we use topologies and routing information derived from real measurement data. We consider collaborative detection and prevention techniques that use (i) prefix origin information, (ii) route path updates, or (iii) passively collected round-trip time (RTT) information. Our results and answers to the above questions help determine the effectiveness of potential incremental rollouts, incentivized or required by regional legislation, for example. While there are differences between the techniques and two of the three classes see the biggest benefits when detection/prevention is performed close to the source of an attack, the results show that significant gains can be achieved even with only regional collaboration.

show abstract

Section: E Route Anomaly Detection Using Passive Measurementsmentioning

confidence: 99%

Section: E Route Anomaly Detection Using Passive Measurementsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Does scale, size, and locality matter? Evaluation of collaborative BGP security mechanisms

Hiran

Carlsson

Shahmehri

2016

2016 IFIP Networking Conference (IFIP Networking) and Workshops

View full text Add to dashboard Cite

show abstract

“…Hu et al have begun studying data plane route verification [28,47] by measuring destination characteristics such as the destination host OS, IP identifier probing, and TCP timestamps. Such techniques could be used to reduce the number of false positives in PGBGP.…”

Section: Insecure Data Planementioning

confidence: 99%

Autonomous security for autonomous systems

2008

View full text Add to dashboard Cite

a b s t r a c tThe Internet's interdomain routing protocol, BGP, supports a complex network of Autonomous Systems which is vulnerable to a number of potentially crippling attacks. Several promising cryptography-based solutions have been proposed, but their adoption has been hindered by the need for community consensus, cooperation in a public key infrastructure (PKI), and a common security protocol. Rather than force centralized control in a distributed network, this paper examines distributed security methods that are amenable to incremental deployment. Typically, such methods are less comprehensive and not provably secure. The paper describes a distributed anomaly detection and response system that provides comparable security to cryptographic methods and has a more plausible adoption path. Specifically, the paper makes the following contributions: (1) it describes pretty good BGP (PGBGP), whose security is comparable (but not identical) to secure origin BGP; (2) it gives theoretical proofs on the effectiveness of PGBGP; (3) it reports simulation experiments on a snapshot of the Internet topology annotated with the business relationships between neighboring networks; (4) it quantifies the impact that known exploits could have on the Internet; and (5) it determines the minimum number of ASes that would have to adopt a distributed security solution to provide global protection against these exploits. Taken together these results explore the boundary between what can be achieved with provably secure centralized security mechanisms for BGP and more distributed approaches that respect the autonomous nature of the Internet.

show abstract

Network reachability‐based IP prefix hijacking detection

Hong

2012

Int J Network Mgmt

View full text Add to dashboard Cite

SUMMARY IP prefix hijacking is a major threat to the security of the Internet routing system owing to the lack of authoritative prefix ownership information. Despite many efforts to design IP prefix hijack detection schemes, no existing design satisfies all the critical requirements of a truly effective system, i.e. to be real‐time, deployable, and robust. In this paper, we present a novel approach that detects IP prefix hijacking in the current Internet environment. The focus of this work is on maintaining the Border Gateway Protocol routing infrastructure and not relying on mutual cooperation to ensure ease of deployment. In addition, we look at fingerprinting two autonomous systems that have the same IP prefix to distinguish hijacking events from legitimate routing updates. This paper proposes a practical and deployable IP prefix hijacking detection algorithm with live hosts on the Internet. Copyright © 2012 John Wiley & Sons, Ltd.

show abstract

A light-weight distributed scheme for detecting ip prefix hijacks in real-time

Cited by 67 publications

References 23 publications

Does scale, size, and locality matter? Evaluation of collaborative BGP security mechanisms

Does scale, size, and locality matter? Evaluation of collaborative BGP security mechanisms

Autonomous security for autonomous systems

Network reachability‐based IP prefix hijacking detection

Contact Info

Product

Resources

About