Abstract
BGP (Border Gateway Protocol) is one of the core Internet backbone protocols, designed to handle large-scale routing among ASes (Autonomous Systems) and to ensure reachability among them. However, an attacker can inject update messages into the BGP communication from the peering BGP routers, and that routing information will be propagated across the global BGP routers. This could cause disruptions in normal routing behavior. Specially crafted BGP messages can reroute traffic from a source ASN to a specific destination ASN via another path; this attack is termed AS Path Hijacking. This research work focuses on detecting suspicious deviation in the AS path between a source and a destination ASN by analyzing BGP update messages collected by passive peering with BGP routers. The research mainly focuses on identifying AS Path Hijacking by quantifying (1) how far a given AS path has deviated and (2) how credible the deviated AS path is. We propose a novel approach that calculates the deviation using a weighted edit distance algorithm. A probability score based on n-gram frequency is used to determine the credibility of the path. The two scores are correlated to determine whether a given AS path is suspicious. The experimental results show that our approach is capable of identifying AS path hijacks with low false positives.
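The two scores described in the abstract, as an added example that is not the authors' implementation: a weighted edit distance from the most common historical path, and a bigram (n = 2) credibility score. The operation weights, the choice of baseline, the thresholds and the rule combining the scores are assumptions, and the sample paths are constructed from documentation-range ASNs.

```python
from collections import Counter

# Constructed history of AS paths toward one origin (ASNs from the RFC 5398
# documentation range); a real system would learn these from BGP updates.
HISTORY = [
    (64496, 64497, 64500),
    (64496, 64497, 64500),
    (64496, 64498, 64500),
    (64499, 64497, 64500),
]

def weighted_edit_distance(a, b, sub_w=1.5, indel_w=1.0):
    """Levenshtein distance over ASN sequences with per-operation weights.
    The weight values are assumptions, not taken from the paper."""
    prev = [j * indel_w for j in range(len(b) + 1)]
    for i, x in enumerate(a, 1):
        cur = [i * indel_w]
        for j, y in enumerate(b, 1):
            cur.append(min(
                prev[j] + indel_w,                          # delete x
                cur[j - 1] + indel_w,                       # insert y
                prev[j - 1] + (0.0 if x == y else sub_w),   # match or substitute
            ))
        prev = cur
    return prev[-1]

def bigram_model(paths):
    """Count adjacent-AS pairs and how often each AS starts a pair."""
    pairs, firsts = Counter(), Counter()
    for p in paths:
        for u, v in zip(p, p[1:]):
            pairs[(u, v)] += 1
            firsts[u] += 1
    return pairs, firsts

def credibility(path, pairs, firsts):
    """Mean of P(next | prev) over the path's hops; unseen hops score 0."""
    hops = list(zip(path, path[1:]))
    if not hops:
        return 0.0
    probs = [pairs[h] / firsts[h[0]] if firsts[h[0]] else 0.0 for h in hops]
    return sum(probs) / len(probs)

def assess(path, history=HISTORY, dev_min=0.5, cred_max=0.5):
    """Return (deviation, credibility, suspicious) against the most common path."""
    baseline = Counter(history).most_common(1)[0][0]
    dev = weighted_edit_distance(baseline, path) / len(baseline)
    cred = credibility(path, *bigram_model(history))
    return dev, cred, dev >= dev_min and cred < cred_max
```

A path that deviates through a previously observed neighbour keeps a high credibility score and is not flagged, while a path through never-seen adjacencies scores zero credibility and is flagged.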
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Prem Sankar, A.U., Poornachandran, P., Ashok, A., Manu, R.K., Hrudya, P. (2017). B-Secure: A Dynamic Reputation System for Identifying Anomalous BGP Paths. In: Satapathy, S., Bhateja, V., Udgata, S., Pattnaik, P. (eds) Proceedings of the 5th International Conference on Frontiers in Intelligent Computing: Theory and Applications. Advances in Intelligent Systems and Computing, vol 515. Springer, Singapore. https://doi.org/10.1007/978-981-10-3153-3_76
DOI: https://doi.org/10.1007/978-981-10-3153-3_76
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-3152-6
Online ISBN: 978-981-10-3153-3
eBook Packages: Engineering, Engineering (R0)