A BGP Hijacking Detection Method based on Multi-dimensional Historical Data Analysis

Abstract

BGP prefix hijacking is one of the top threats on the Internet. The traditional approaches are mainly to analyze the prefix changes of the control plane, or to use the active measurement detection method to obtain the reachability of the prefix to determine whether there is prefix hijacking. These approaches rely on extensive infrastructures, wide coverage of measurement points, and long-term continuous detection. In this paper, we propose a BGP prefix hijacking detection method based on multi-dimensional historical data analysis, which can avoid the high deployment cost and long detection delay of active measurement methods. We test the proposed method on 1487 prefix hijacking events identified by BGPStream, from which more than 99% (1475/1487) prefix hijacking events are detected. The results show that the proposed method can effectively and accurately detect prefix hijacking.