• DocumentCode
    743390
  • Title

    AS-CRED: Reputation and Alert Service for Interdomain Routing

  • Author

    Jian Chang ; Venkatasubramanian, K.K. ; West, Andrew G. ; Kannan, S. ; Insup Lee ; Boon Thau Loo ; Sokolsky, Oleg

  • Author_Institution
    Dept. of Comput. & Inf. Sci., Univ. of Pennsylvania, Philadelphia, PA, USA
  • Volume
    7
  • Issue
    3
  • fYear
    2013
  • Firstpage
    396
  • Lastpage
    409
  • Abstract
    As the backbone routing system of the Internet, the operational aspect of the interdomain routing is highly complex. Building a trustworthy ecosystem for interdomain routing requires the proper maintenance of trust relationships among tens of thousands of peer IP domains called autonomous systems (ASes). ASes today implicitly trust any routing information received from other ASes as part of border gateway protocol (BGP) updates. Such blind trust is problematic given the dramatic rise in the number of anomalous updates being disseminated, which pose grave security consequences for the interdomain routing operation. In this paper, we present AS-CRED, an AS reputation and alert service that not only detects anomalous BGP updates, but also provides a quantitative view of AS' tendencies to perpetrate anomalous behavior. AS-CRED focuses on detecting two types of anomalous updates: 1) hijacked updates, where ASes announce a prefix that they do not own, and 2) vacillating updates that are part of a quick succession of announcements and withdrawals involving a specific prefix, rendering the information practically ineffective for routing. AS-CRED works by analyzing the past updates announced by ASes for the presence of these anomalies. Based on this analysis, it generates AS reputation values that provide an aggregate and quantitative view of the AS' anomalous behavior history. The reputation values are then used in a tiered alert system for tracking any subsequent anomalous updates observed. Analyzing AS-CRED's operation with real-world BGP traffic over six months, we demonstrate the effectiveness and improvement of the proposed approach over similar alert systems.
  • Keywords
    IP networks; Internet; computer network security; protocols; telecommunication network routing; trusted computing; AS-CRED; ASes; BGP; Internet; alert service; anomalous updates; autonomous systems; backbone routing system; blind trust; border gateway protocol; grave security; hijacked updates; interdomain routing; interdomain routing operation; operational aspect; reputation service; routing information; trust relationships; trustworthy ecosystem; Detectors; IP networks; Internet; Logic gates; Protocols; Routing; Stability analysis; Alert service; autonomous systems; border gateway protocol; reputation;
  • fLanguage
    English
  • Journal_Title
    Systems Journal, IEEE
  • Publisher
    ieee
  • ISSN
    1932-8184
  • Type

    jour

  • DOI
    10.1109/JSYST.2012.2221856
  • Filename
    6378392