Region-based BGP announcement filtering for improved BGP security

  • Authors:
  • Fernando Sanchez;Zhenhai Duan

  • Affiliations:
  • Florida State University;Florida State University

  • Venue:
  • ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
  • Year:
  • 2010

Quantified Score

Hi-index 0.00

Visualization

Abstract

BGP prefix hijacking is a serious security threat on the Internet. In this paper we propose a region-based BGP announcement filtering scheme (RBF) to improve the BGP security. In contrast to existing solutions that indifferently prevent or detect prefix hijacking attacks, RBF enables differentiated AS and prefix filtering treatment and blends prefix hijacking prevention with deterrence. RBF is a light-weight BGP security scheme that provides strong incremental deployment incentive and better prefix hijacking deterrence. Experimental studies based on real Internet numbers allocation information and BGP traces show that RBF is a feasible and effective scheme in improving BGP security. For example, on the days without known BGP prefix hijacking attacks, only a small number of BGP announcements will be flagged as attacks. Importantly, by applying RBF to known BGP prefix hijacking attacks, we show that RBF can detect and filter both large-scale and small-scale BGP prefix hijacking attacks even if only a single prefix is hijacked.