Abstract
Prefix hijacking is a major security threat to the global Internet routing system. Concurrent prefix hijack detection has been proven to be an effective method to protect routing security. However, the existing concurrent prefix hijack detection scheme does not account for prefix ownership changes, and online concurrent prefix hijack detection suffers from serious false positives. In this paper, we study the possible characteristics that can filter out false positive events generated online by machine learning, and apply these characteristics in the online detection. Our results show that our refined online concurrent prefix hijack detection can detect all offline detected events with no false positives. We also confirm that (1) neighboring ASes seldom hijack each other's prefixes; (2) large ISPs seldom suffer from prefix hijacks or conduct hijacks.
Acknowledgement
This research was partially supported by the National Basic Research Program of China (973 Program) under grant No. 2011CB302605, the National High Technology Research and Development Program of China (863 Program) under grants No. 2011AA010705 and No. 2012AA012506, China Internet Network Information Center (CNNIC) under grant No. K201211043, the National Key Technology R&D Program of China under grant No. 2012BAH37B00, and the National Science Foundation of China (NSF) under grants No. 61173145 and No. 61202457.
Copyright information
© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Su, S., Zhang, B., Fang, B. (2015). Online Detection of Concurrent Prefix Hijacks. In: Tian, J., Jing, J., Srivatsa, M. (eds) International Conference on Security and Privacy in Communication Networks. SecureComm 2014. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 153. Springer, Cham. https://doi.org/10.1007/978-3-319-23802-9_8
DOI: https://doi.org/10.1007/978-3-319-23802-9_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23801-2
Online ISBN: 978-3-319-23802-9
eBook Packages: Computer Science, Computer Science (R0)