Towards an accurate AS-level traceroute tool
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Measuring ISP topologies with rocketfuel
IEEE/ACM Transactions on Networking (TON)
Towards capturing representative AS-level Internet topologies
Computer Networks: The International Journal of Computer and Telecommunications Networking
SPV: secure path vector routing for securing BGP
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Locating internet routing instabilities
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Locating BGP missing routes using multiple perspectives
Proceedings of the ACM SIGCOMM workshop on Network troubleshooting: research, theory and operations practice meet malfunctioning reality
A measurement framework for pin-pointing routing changes
Proceedings of the ACM SIGCOMM workshop on Network troubleshooting: research, theory and operations practice meet malfunctioning reality
The Clack graphical router: visualizing network software
SoftVis '06 Proceedings of the 2006 ACM symposium on Software visualization
MIRO: multi-path interdomain routing
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Understanding the network-level behavior of spammers
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Avoiding traceroute anomalies with Paris traceroute
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Quantifying path exploration in the internet
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Listen and whisper: security mechanisms for BGP
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
PlanetSeer: internet path failure monitoring and characterization in wide-area services
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Understanding Resiliency of Internet Topology against Prefix Hijack Attacks
DSN '07 Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Accurate Real-time Identification of IP Prefix Hijacking
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
iPlane: an information plane for distributed services
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
PHAS: a prefix hijack alert system
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
A study of prefix hijacking and interception in the internet
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
A light-weight distributed scheme for detecting ip prefix hijacks in real-time
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
The web is smaller than it seems
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
On the impact of route monitor selection
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Pretty Good BGP: Improving BGP by Cautiously Adopting Routes
ICNP '06 Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols
Testing the reachability of (new) address space
Proceedings of the 2007 SIGCOMM workshop on Internet network management
Practical defenses against BGP prefix hijacking
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
Internet routing resilience to failures: analysis and implications
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
In search of the elusive ground truth: the internet's as-level connectivity structure
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Studying black holes in the internet with Hubble
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
A systematic framework for unearthing the missing links: measurements and impact
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
Secure Border Gateway Protocol (S-BGP)
IEEE Journal on Selected Areas in Communications
Probabilistic IP prefix authentication (PIPA) for prefix hijacking
CFI '09 Proceedings of the 4th International Conference on Future Internet Technologies
Region-based BGP announcement filtering for improved BGP security
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Stealthy IP prefix hijacking: don't bite off more than you can chew
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
IP prefix hijacking detection using idle scan
APNOMS'09 Proceedings of the 12th Asia-Pacific network operations and management conference on Management enabling the future internet for changing business and new computing services
Safeguarding data delivery by decoupling path propagation and adoption
INFOCOM'10 Proceedings of the 29th conference on Information communications
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
Locating prefix hijackers using LOCK
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Enhancing the trust of internet routing with lightweight route attestation
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Predicting and tracking internet path changes
Proceedings of the ACM SIGCOMM 2011 conference
AS-TRUST: a trust quantification scheme for autonomous systems in BGP
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Abnormally malicious autonomous systems and their internet connectivity
IEEE/ACM Transactions on Networking (TON)
LIFEGUARD: practical repair of persistent route failures
Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication
LIFEGUARD: practical repair of persistent route failures
ACM SIGCOMM Computer Communication Review - Special october issue SIGCOMM '12
VisTracer: a visual analytics tool to investigate routing anomalies in traceroutes
Proceedings of the Ninth International Symposium on Visualization for Cyber Security
Detecting prefix hijackings in the internet with argus
Proceedings of the 2012 ACM conference on Internet measurement conference
Concurrent prefix hijacks: occurrence and impacts
Proceedings of the 2012 ACM conference on Internet measurement conference
Sign what you really care about - Secure BGP AS-paths efficiently
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hi-index | 0.00 |
IP prefix hijacking remains a major threat to the security of the Internet routing system due to a lack of authoritative prefix ownership information. Despite many efforts in designing IP prefix hijack detection schemes, no existing design can satisfy all the critical requirements of a truly effective system: real-time, accurate, light-weight, easily and incrementally deployable, as well as robust in victim notification. In this paper, we present a novel approach that fulfills all these goals by monitoring network reachability from key external transit networks to one's own network through lightweight prefix-owner-based active probing. Using the prefix-owner's view of reachability, our detection system, iSPY, can differentiate between IP prefix hijacking and network failures based on the observation that hijacking is likely to result in topologically more diverse polluted networks and unreachability. Through detailed simulations of Internet routing, 25-day deployment in 88 ASes (108 prefixes), and experiments with hijacking events of our own prefix from multiple locations, we demonstrate that iSPY is accurate with false negative ratio below 0.45% and false positive ratio below 0.17%. Furthermore, iSPY is truly real-time; it can detect hijacking events within a few minutes.