A study of prefix hijacking and interception in the internet
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
A light-weight distributed scheme for detecting ip prefix hijacks in real-time
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
On the impact of route monitor selection
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Practical defenses against BGP prefix hijacking
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
Ispy: detecting ip prefix hijacking on my own
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Autonomous security for autonomous systems
Computer Networks: The International Journal of Computer and Telecommunications Networking
Symmetric Key Approaches to Securing BGP --- A Little Bit Trust Is Enough
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Probabilistic IP prefix authentication (PIPA) for prefix hijacking
CFI '09 Proceedings of the 4th International Conference on Future Internet Technologies
NetReview: detecting when interdomain routing goes wrong
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Region-based BGP announcement filtering for improved BGP security
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Stealthy IP prefix hijacking: don't bite off more than you can chew
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
IP prefix hijacking detection using idle scan
APNOMS'09 Proceedings of the 12th Asia-Pacific network operations and management conference on Management enabling the future internet for changing business and new computing services
On the effectiveness of IP reputation for spam filtering
COMSNETS'10 Proceedings of the 2nd international conference on COMmunication systems and NETworks
Locating prefix hijackers using LOCK
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
StrobeLight: lightweight availability mapping and anomaly detection
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
Robust Decentralized Virtual Coordinate Systems in Adversarial Environments
ACM Transactions on Information and System Security (TISSEC)
iSPY: detecting IP prefix hijacking on my own
IEEE/ACM Transactions on Networking (TON)
Enhancing the trust of internet routing with lightweight route attestation
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Debugging the data plane with anteater
Proceedings of the ACM SIGCOMM 2011 conference
AS-TRUST: a trust quantification scheme for autonomous systems in BGP
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Abnormally malicious autonomous systems and their internet connectivity
IEEE/ACM Transactions on Networking (TON)
Towards detecting BGP route hijacking using the RPKI
Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication
Attack countermeasure trees (ACT): towards unifying the constructs of attack and defense trees
Security and Communication Networks
Towards detecting BGP route hijacking using the RPKI
ACM SIGCOMM Computer Communication Review - Special october issue SIGCOMM '12
VisTracer: a visual analytics tool to investigate routing anomalies in traceroutes
Proceedings of the Ninth International Symposium on Visualization for Cyber Security
Detecting prefix hijackings in the internet with argus
Proceedings of the 2012 ACM conference on Internet measurement conference
Concurrent prefix hijacks: occurrence and impacts
Proceedings of the 2012 ACM conference on Internet measurement conference
Classifying internet one-way traffic
Proceedings of the 2012 ACM conference on Internet measurement conference
Emulation on the internet prefix hijacking attack impaction
ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology
A forensic case study on as hijacking: the attacker's perspective
ACM SIGCOMM Computer Communication Review
Sign what you really care about - Secure BGP AS-paths efficiently
Computer Networks: The International Journal of Computer and Telecommunications Networking
Towards passive DNS software fingerprinting
Proceedings of the 9th Asian Internet Engineering Conference
The security appliance to BIRD software router
Proceedings of the 8th International Conference on Ubiquitous Information Management and Communication
| Hi-index | 0.00 |
We present novel and practical techniques to accurately detect IP prefix hijacking attacks in real time to facilitate mitigation. Attacks may hijack victim's address space to disrupt network services or perpetrate malicious activities such as spamming and DoS attacks without disclosing identity. We propose novel ways to significantly improve the detection accuracy by combining analysis of passively collected BGP routing updates with data plane ingerprints of suspicious prefixes. The key insight is to use data plane information in the form of edge network ingerprinting to disambiguate suspect IP hijacking incidences based on routing anomaly detection. Conflicts in data plane ingerprints provide much more definitive evidence of successful IP pre- fix hijacking. Utilizing multiple real-time BGP feeds, we demonstrate the ability of our system to distinguish between legitimate routing changes and actual attacks. Strong correlation with addresses that originate spam emails from a spam honeypot confirms the accuracy of our techniques.