Detecting IP prefix hijacking using data reduction-based and Binary Search Algorithm

In spite of significant ongoing research, the Border gateway protocol (BGP) still encompasses conceptual vulnerability issues regarding impersonating the ownership of IP prefixes for ASes (Autonomous Systems). In this context, a number of research studies focused on securing BGP through historical-based and statistical-based behavioural models. This paper proposes a novel algorithm aiming to track the behaviour of BGP edge routers and detect IP prefix hijacks based on a typical signature. The algorithm parses the BGP advertisements in order to detect the apparent relocation of specific IP prefixes, either in the same or in different regions. The algorithm aims to identify IP prefixes by multiple independent ASes. The method differs from routing consistency monitoring, which faces difficulties detecting events at the edge of the BGP infrastructure. Based on the RIRs´ database, the algorithm can detect national and cross-border IP prefix hijacks very quick. However, 5 results out of 16 were not accurate therefore the algorithm has some false positives and needs further improvement to be done in future.