Detecting AS hijacking in one administrative domain

Author

Chunxiu Li ; Yujie Ma ; Ke Li ; Xin Li ; Jiangang Zhou ; Shanzhi Chen

Author_Institution

Beijing Univ. of Posts & Telecommun., Beijing, China

fYear

2013

fDate

17-19 Nov. 2013

Firstpage

383

Lastpage

387

Abstract

Due to the inherent design faults of the Border Gateway Protocol (BGP), BGP prefix hijacking remains a serious security threat to the Internet routing system. AS hijacking enables an attacker to pass the prefix ownership validation mechanism, it is more sophisticated than IP prefix hijacking. So far, many efforts have been done on the detection of prefix hijacking, however, AS hijacking has not received enough attention. This paper presents a system that is capable of detecting AS hijacking inside one administrative domain before they pollute a large number of external Autonomous Systems (ASes) on the Internet. Experiment results show that our proposed system can detect AS hijacking attacks with high accuracy and low detection latency. Furthermore, it is suitable for incremental deployment.

Keywords

Internet; computer network security; routing protocols; AS hijacking detection; BGP; IP prefix hijacking; Internet routing system; administrative domain; border gateway protocol; external autonomous systems; low detection latency; prefix hijacking detection; prefix ownership validation mechanism; serious security threat; Accuracy; Detection algorithms; Internet; Monitoring; Real-time systems; Routing; Security; AS hijacking; BGP; Hijacking detection; Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Communication Technology (ICCT), 2013 15th IEEE International Conference on

Conference_Location

Guilin

Type

conf

DOI

10.1109/ICCT.2013.6820405

Filename

6820405