Skip to main content
SpringerLink
Log in

Identifying critical autonomous systems in the Internet

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

The Internet not only facilitates our daily activities, such as communication, entertainment and shopping but also serves as the enabling technology for many critical services, including finance, manufacturing, healthcare and transportation. On the other hand, a wide spectrum of attacks targets its communication infrastructure to disable or disrupt the network connectivity and traffic flow until recovery processes take place. Attacking all autonomous systems (ASes) in the Internet is typically beyond the capability of an adversary. Therefore, targeting a small number of ASes which results in the highest impact is the best strategy for attackers. Similarly, it is important for network practitioners to identify, fortify and secure those critical ASes to mitigate the impact of the attacks. In this study we introduce an intuitive and effective measure, IP address spatial path stress centrality, to assess and identify the critical ASes in the Internet. We compare IP address spatial path stress centrality to the three well-known and widely used centrality measures, namely customer-cone size, node degree and betweenness. We demonstrate that the proposed measure incorporates business relations and IP address spaces to achieve a better measure for identifying the critical ASes in the Internet.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  1. Hawkinson J, Bates T (1996) Guidelines for creation, selection, and registration of an autonomous system (AS). RFC 1930

  2. Tozal ME (2016) The Internet: a system of interconnected autonomous systems. In: IEEE Systems Conference, Orlando, FL, USA

  3. Luckie M, Huffaker B, Claffy K, Dhamdhere A, Giotsas V (2013) As relationships, customer cones, and validation. In: Internet Measurement Conference (IMC), Barcelona, ESP

  4. Gao L (2001) On inferring autonomous system relationships in the internet. IEEE/ACM Trans Netw 9(6):733–745

    Article  Google Scholar 

  5. Giotsas V, Luckie M, Huffaker B, Claffy K (2014) Inferring complex AS relationships. In: ACM IMC

  6. CAIDA (2016) http://data.caida.org/datasets/as-relationships/serial-2/20160501.as-rel2.txt.bz2. Accessed 6 Jan 2016

  7. Nur AY, Tozal ME (2016) Defending cyber-physical systems against dos attacks. In: IEEE International Conference on Smart Computing, St. Louis, MO, USA

  8. Kang MS, Lee SB, Gligor VD (2013) The crossfire attack. In: IEEE Symposium on Security and Privacy, San Francisco, CA, USA

  9. Bellovin S, Gansner ER (2004) Using link cuts to attack internet routing. Tech. rep, ATT Research

  10. Schuchard M, Mohaisen A, Kune DF, Hopper N, Kim Y, Vasserman EY (2010) Losing control of the internet: using the data plane to attack the control plane. In: ACM Conference on Computer and Communications Security, Chicago, IL, USA

  11. Butler K, Farley TR, McDaniel P, Rexford J (2010) A survey of bgp security issues and solutions. Proc IEEE 98(1):100–122

    Article  Google Scholar 

  12. Tozal ME (2017) Autonomous system ranking by topological characteristics: a comparative study. In: IEEE Systems Conference, Montreal, Canada

  13. Tozal ME (2018) Policy-preferred paths in AS-level Internet topology graphs. Theory Appl Graphs 5(1):1–32

    Article  MathSciNet  MATH  Google Scholar 

  14. Tozal ME (2016) Enumerating single destination, policy-preferred paths in AS-level Internet topology maps. In: IEEE Sarnoff Symposium, NJ, USA

  15. Rueda DF, Calle E, Marzo JL (2017) Robustness comparison of 15 real telecommunication networks: Structural and centrality measurements. J Netw Syst Manag 25(2):269–289

    Article  Google Scholar 

  16. Wang Y, Zhang K (2016) Quantifying the flattening of internet topology. In: International Conference on Future Internet Technologies

  17. Latora V, Nicosia V, Russo G (2017) Complex networks: principles, methods and applications. Cambridge University Press, Cambridge

    Book  MATH  Google Scholar 

  18. Zimmerli L, Tellenbach B, Wagner A, Plattner B (2009) Rating autonomous systems. In: Internet monitoring and protection (ICIMP)

  19. Clérot F, Nguyen Q (2005) A social network approach for the ranking of the autonomous systems of the Internet. In: Link analysis workshop

  20. Wagner C, François J, State R, Dulaunoy A, Engel T, Massen G (2013) Asmatra: ranking ass providing transit service to malware hosters. In: Integrated network management, IFIP/IEEE

  21. Dimitropoulos X, Krioukov D, Riley G, claffy K (2006) Revealing the autonomous system taxonomy: The machine learning approach. In: Passive and active network measurement workshop (PAM), Adelaide, Australia

  22. Rekhter Y, Li T, Hares S (2006) A Border Gateway Protocol 4 (BGP-4). RFC 4271 (Draft Standard)

  23. Wang H, Song M (2011) Ckmeans.1d.dp: optimal k-means clustering in one dimension by dynamic programming. R J 3(2):29–33

    Article  Google Scholar 

  24. Freeman LC (1977) A set of measures of centrality based on betweenness. Sociometry 40(1):35–41

    Article  Google Scholar 

  25. Shavitt Y, Weinsberg U (2012) Topological trends of internet content providers. In: SIMPLEX

  26. Emond EJ, Mason DW (2002) A new rank correlation coefficient with application to the consensus ranking problem. J Multi-Criteria Decis Anal 11(1):17–28

    Article  MATH  Google Scholar 

  27. Masoud MZ, Hei X, Cheng W (2013) A graph-theoretic study of the flattening internet as topology. In: IEEE International Conference on Networks, Singapore, Singapore

  28. Hiran R, Carlsson N, Shahmehri N (2016) Does scale, size, and locality matter? evaluation of collaborative bgp security mechanisms. In: IFIP Networking Conference, IEEE, pp 261–269

  29. Perlman RJ (1988) Network layer protocols with byzantine robustness. Ph.D. thesis, Massachusetts Institute of Technology

  30. Nicholes MO, Mukherjee B (2009) A survey of security techniques for the border gateway protocol (bgp). IEEE Commun Surv Tutor 11(1):52–65

    Article  Google Scholar 

  31. Kent S, Lynn C, Seo K (2000) Secure border gateway protocol (s-bgp). IEEE J Select Areas Commun 18(4):582–592

    Article  Google Scholar 

  32. Ng J et al (2004) Extensions to bgp to support secure origin bgp (sobgp). Tech. rep, Internet Draft, Apr

  33. Goodell G, Aiello W, Griffin T, Ioannidis J, McDaniel PD, Rubin AD (2003) Working around bgp: an incremental approach to improving security and accuracy in interdomain routing. In: NDSS, vol 23, p 156

  34. Gómez-Arevalillo ADLR, Papadimitratos P (2017) Blockchain-based public key infrastructure for inter-domain secure routing. In: international workshop on open problems in network security (iNetSec), pp 20–38

  35. Qiu SY, Monrose F, Terzis A, McDaniel PD (2006) Efficient techniques for detecting false origin advertisements in inter-domain routing. In: Secure network protocols, 2006. 2nd IEEE workshop on, IEEE, pp 12–19

  36. Lad M, Massey D, Pei D, Wu Y, Zhang B, Zhang L (2006) Phas: a prefix hijack alert system. In: USENIX Security symposium, vol 1, p 3

  37. Nur AY, Tozal ME (2018) Record route ip traceback: combating dos attacks and the variants. Comput Secur 72:13–25

    Article  Google Scholar 

  38. Kalkan K, Gür G, Alagöz F (2017) Filtering-based defense mechanisms against ddos attacks: a survey. IEEE Syst J 11(4):2761–2773

    Article  Google Scholar 

  39. Wisthoff M (2018) Ddos countermeasures. In: Information technology-new generations. Springer, pp 915–919

  40. Gil TM, Poletto M (2001) Multops: A data-structure for bandwidth attack detection. In: USENIX Security Symposium, pp 23–38

  41. Peng T, Leckie C, Ramamohanarao K (2004) Proactively detecting distributed denial of service attacks using source ip address monitoring. In: International Conference on Research in Networking, Springer, pp 771–782

    Google Scholar 

  42. Mahajan R, Bellovin SM, Floyd S, Ioannidis J, Paxson V, Shenker S (2002) Controlling high bandwidth aggregates in the network. ACM SIGCOMM Comput Commun Rev 32(3):62–73

    Article  Google Scholar 

  43. Peng T, Leckie C, Ramamohanarao K (2007) Survey of network-based defense mechanisms countering the dos and ddos problems. ACM Comput Surv (CSUR) 39(1):3

    Article  Google Scholar 

  44. Baker F, Savola P (2004) Ingress filtering for multihomed networks. RFC 3704

  45. Kalkan K, Alagöz F (2016) A distributed filtering mechanism against ddos attacks: Scoreforcore. Comput Netw 108:199–209

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computing and Informatics, University of Louisiana, Lafayette, Lafayette, LA, 70504, USA

    Abdullah Yasin Nur & Mehmet Engin Tozal

Authors
  1. Abdullah Yasin Nur
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mehmet Engin Tozal
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Abdullah Yasin Nur.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Nur, A.Y., Tozal, M.E. Identifying critical autonomous systems in the Internet. J Supercomput 74, 4965–4985 (2018). https://doi.org/10.1007/s11227-018-2336-3

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-018-2336-3

Keywords

Search

Navigation