Title :
Accurate Real-time Identification of IP Prefix Hijacking
Author :
Hu, Xin ; Mao, Z. Morley
Author_Institution :
Univ. of Michigan, Ann Arbor, MI
Abstract :
We present novel and practical techniques to accurately detect IP prefix hijacking attacks in real time to facilitate mitigation. Attacks may hijack victim´s address space to disrupt network services or perpetrate malicious activities such as spamming and DoS attacks without disclosing identity. We propose novel ways to significantly improve the detection accuracy by combining analysis of passively collected BGP routing updates with data plane fingerprints of suspicious prefixes. The key insight is to use data plane information in the form of edge network fingerprinting to disambiguate suspect IP hijacking incidences based on routing anomaly detection. Conflicts in data plane fingerprints provide much more definitive evidence of successful IP prefix hijacking. Utilizing multiple real-time BGP feeds, we demonstrate the ability of our system to distinguish between legitimate routing changes and actual attacks. Strong correlation with addresses that originate spam emails from a spam honeypot confirms the accuracy of our techniques.
Keywords :
IP networks; computer crime; internetworking; protocols; telecommunication network routing; telecommunication security; BGP routing; DoS attacks; IP prefix hijacking attacks; accurate real-time identification; border gateway protocol; data plane fingerprints; edge network fingerprinting; perpetrate malicious activities; routing anomaly detection; spam emails; Computer crime; Feeds; Fingerprint recognition; IEEE news; Information filtering; Information filters; Internet; Real time systems; Routing protocols; Stability;
Conference_Titel :
Security and Privacy, 2007. SP '07. IEEE Symposium on
Conference_Location :
Berkeley, CA
Print_ISBN :
0-7695-2848-1
