Detecting Internet-Scale Traffic Redirection Attacks Using Latent Class Models

  • Conference paper

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 942)

Abstract

Traffic redirection attacks based on BGP route hijacking have been an increasing concern in Internet security worldwide. This paper addresses the statistical detection of traffic redirection attacks based on the RTT data collected by a network of probes spread all around the world. Specifically, we use a Latent Class Model to combine the decisions of individual probes on whether an Internet site is being attacked, and use supervised learning methods to make the probe decisions. We evaluate the methods in a large number of scenarios, and compare them with an empirically adjusted heuristic. Our method achieves very good performance, superior to that of the heuristic. Moreover, we provide a comprehensive analysis of the merits of the Latent Class Model approach.

Acknowledgments

This research was supported by Instituto de Telecomunicações, Centro de Matemática Computacional e Estocástica, and Fundação Nacional para a Ciência e Tecnologia, through projects PTDC/EEI-TEL/5708/2014, UID/EEA/50008/2013, and UID/Multi/04621/2013. A. Subtil was funded by the FCT grant SFRH/BD/69793/2010.

Author information

Corresponding author

Correspondence to Ana Subtil.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Subtil, A., Oliveira, M.R., Valadas, R., Pacheco, A., Salvador, P. (2020). Detecting Internet-Scale Traffic Redirection Attacks Using Latent Class Models. In: Madureira, A., Abraham, A., Gandhi, N., Silva, C., Antunes, M. (eds) Proceedings of the Tenth International Conference on Soft Computing and Pattern Recognition (SoCPaR 2018). SoCPaR 2018. Advances in Intelligent Systems and Computing, vol 942. Springer, Cham. https://doi.org/10.1007/978-3-030-17065-3_37
