Towards an accurate AS-level traceroute tool
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Measuring ISP topologies with rocketfuel
IEEE/ACM Transactions on Networking (TON)
SPV: secure path vector routing for securing BGP
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Locating internet routing instabilities
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
A measurement framework for pin-pointing routing changes
Proceedings of the ACM SIGCOMM workshop on Network troubleshooting: research, theory and operations practice meet malfunctioning reality
MIRO: multi-path interdomain routing
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Understanding the network-level behavior of spammers
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Avoiding traceroute anomalies with Paris traceroute
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Quantifying path exploration in the internet
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Listen and whisper: security mechanisms for BGP
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
PlanetSeer: internet path failure monitoring and characterization in wide-area services
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Understanding Resiliency of Internet Topology against Prefix Hijack Attacks
DSN '07 Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Accurate Real-time Identification of IP Prefix Hijacking
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
PHAS: a prefix hijack alert system
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
A study of prefix hijacking and interception in the internet
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
A light-weight distributed scheme for detecting ip prefix hijacks in real-time
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
The web is smaller than it seems
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
On the impact of route monitor selection
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
iPlane: an information plane for distributed services
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Pretty Good BGP: Improving BGP by Cautiously Adopting Routes
ICNP '06 Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols
Testing the reachability of (new) address space
Proceedings of the 2007 SIGCOMM workshop on Internet network management
Practical defenses against BGP prefix hijacking
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
Internet routing resilience to failures: analysis and implications
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
Studying black holes in the internet with Hubble
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Locating prefix hijackers using LOCK
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Secure Border Gateway Protocol (S-BGP)
IEEE Journal on Selected Areas in Communications
Classifying internet one-way traffic
Proceedings of the 2012 ACM conference on Internet measurement conference
How to prevent AS hijacking attacks
Proceedings of the 2012 ACM conference on CoNEXT student workshop
A forensic case study on as hijacking: the attacker's perspective
ACM SIGCOMM Computer Communication Review
Hi-index | 0.00 |
IP prefix hijacking remains a major threat to the security of the Internet routing system due to a lack of authoritative prefix ownership information. Despite many efforts in designing IP prefix hijack detection schemes, no existing design can satisfy all the critical requirements of a truly effective system: real-time, accurate, lightweight, easily and incrementally deployable, as well as robust in victim notification. In this paper, we present a novel approach that fulfills all these goals by monitoring network reachability from key external transit networks to one's own network through lightweight prefix-owner-based active probing. Using the prefix-owner's view of reachability, our detection system, iSPY, can differentiate between IP prefix hijacking and network failures based on the observation that hijacking is likely to result in topologically more diverse polluted networks and unreachability. Through detailed simulations of Internet routing, 25-day deployment in 88 autonomous systems (ASs) (108 prefixes), and experiments with hijacking events of our own prefix from multiple locations, we demonstrate that iSPY is accurate with false negative ratio below 0.45% and false positive ratio below 0.17%. Furthermore, iSPY is truly real-time; it can detect hijacking events within a few minutes.