Abstract

The prefix hijacking problem is an urgent security issue that need to address in the Border Gateway Protocol (BGP) security research. In order to solve the problem of prefix hijacking in BGP, we propose (a) new (p)refix (h)ijacking (d)etection model based on the immune network theory in this paper, called aPHD. To be specific, aPHD uses real BGP UPDATE messages for pre-training and has the ability to detect UPDATE messages in real time after pre-training. The aPHD (1) can effectively detect prefix hijacking attacks with high accuracy; (2)is easy to deployment; and (3) has a low false positive rate and low overhead. Extensive performance evaluation shows that our solution is secure and feasible. The aPHD improved the accuracy rate by 6.2% and reduced the false positive rate by 85.7%.

Highlights

  • Due to the large scale of the Internet and a large number of ISPs (Intemet Service Provider), attacks against Border Gateway Protocol (BGP) are increasing and seriously affect the use and development of the Internet [1]

  • We design a prefix hijacking detection model based on immune network theory, called aPHD, which focuses on three issues: (1) event collection, where excellent detection efficiency is supported by data; (2) real-time detection, where the received UPDATE messages will be detected; (3) attack response, where the detected attack gets a quick response

  • PRELIMINARIES we review some background of prefix hijacking and immune network theory before detailing our construction

Read more

Summary

INTRODUCTION

Due to the large scale of the Internet and a large number of ISPs (Intemet Service Provider), attacks against BGP are increasing and seriously affect the use and development of the Internet [1]. BGP routing messages include Network Layer Reachability Information (NLRI) [4] and path attributes. Its primary function is to identify the network address of the reachable AS announced by the BGP routing message. There are many attacks against BGP exploiting NLRI and path attributes, such as prefix hijacking [5], path forgery [6], route leak [7], and TCP protocol attacks [8]. We design a prefix hijacking detection model based on immune network theory, called aPHD, which focuses on three issues: (1) event collection, where excellent detection efficiency is supported by data; (2) real-time detection, where the received UPDATE messages will be detected; (3) attack response, where the detected attack gets a quick response. By combining immune network theory with prefix hijacking detection, identify attacks and fast responses can be effectively achieved.

RELATED WORK
OUR PROPOSED APHD SCHEME
Findings
CONCLUSION

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.