Abstract

The prefix hijacking problem is an urgent security issue that needs to be addressed in Border Gateway Protocol (BGP) security research. To solve the problem of prefix hijacking in BGP, we propose in this paper (a) new (p)refix (h)ijacking (d)etection model based on immune network theory, called aPHD. Specifically, aPHD uses real BGP UPDATE messages for pre-training and has the ability to detect UPDATE messages in real time after pre-training. The aPHD (1) can effectively detect prefix hijacking attacks with high accuracy; (2) is easy to deploy; and (3) has a low false positive rate and low overhead. Extensive performance evaluation shows that our solution is secure and feasible. The aPHD improved the accuracy rate by 6.2% and reduced the false positive rate by 85.7%.

Highlights

  • Due to the large scale of the Internet and the large number of ISPs (Internet Service Providers), attacks against Border Gateway Protocol (BGP) are increasing and seriously affect the use and development of the Internet [1]

  • We design a prefix hijacking detection model based on immune network theory, called aPHD, which focuses on three issues: (1) event collection, where excellent detection efficiency is supported by data; (2) real-time detection, where the received UPDATE messages will be detected; (3) attack response, where the detected attack gets a quick response

  • PRELIMINARIES: We review some background of prefix hijacking and immune network theory before detailing our construction

Summary

INTRODUCTION

Due to the large scale of the Internet and the large number of ISPs (Internet Service Providers), attacks against BGP are increasing and seriously affect the use and development of the Internet [1]. BGP routing messages include Network Layer Reachability Information (NLRI) [4] and path attributes. Its primary function is to identify the network address of the reachable AS announced by the BGP routing message. There are many attacks against BGP that exploit NLRI and path attributes, such as prefix hijacking [5], path forgery [6], route leaks [7], and TCP protocol attacks [8]. We design a prefix hijacking detection model based on immune network theory, called aPHD, which focuses on three issues: (1) event collection, where excellent detection efficiency is supported by data; (2) real-time detection, where the received UPDATE messages will be detected; (3) attack response, where the detected attack gets a quick response. By combining immune network theory with prefix hijacking detection, attack identification and fast response can be effectively achieved.

RELATED WORK
OUR PROPOSED APHD SCHEME
Findings
CONCLUSION