Abstract

BGP prefix hijacking is a major threat to the Internet. Detecting and characterizing large-scale prefix hijacking events is very important, yet quite difficult in practice. In this paper, we take the Google hijacking event of 2017 as a case study to develop effective detection and characterization mechanisms using publicly available BGP data. The analysis reveals key insights about the event. First, the event comprises two types of hijacking: hijacking a prefix and its AS, and hijacking a sub-prefix and its AS. Second, more than 160,000 prefixes belonging to over 7,200 ASes were hijacked. The largest service provider in Japan is the worst-impacted AS. Third, over 200 ASes were infected. AS701 is a critical infector in the propagation of hijacking routes. Finally, sub-prefix hijacking is more impactful than original prefix hijacking in that it pollutes more infectors. These results shed light on how to deploy efficient defense mechanisms against prefix hijacking attacks.
