Abstract

IP prefix hijacking continues to be a pervasive cyber security threat to the core internet routing infrastructure. The data security of multiple cloud-based services is also susceptible to these threats because of their high dependency on traditional routing protocols. Although a number of hijacking detection techniques have been proposed recently, no existing system has effectively addressed the problem of detecting malicious transit Autonomous System (AS) services in detected hijacking occurrences. The ability to locate and isolate malicious services is critical for carrying out the necessary mitigation strategy at an early stage, minimising the impact of the attack and restoring cloud services quickly. In this paper, we propose an effective real-time processing method, called Ontological Graph Identification (OGI), for detecting IP prefix hijacking of nodes and the suspicious transit nodes caused by the hijacked nodes through ASs. The proposed method is evaluated using two public datasets, RIPE RIS and RouteView. Experimental results revealed improved performance for the detection of malicious transit nodes compared with peer techniques. The proposed method is therefore shown to have utility in automating the investigation of nodes with suspicious activity in real network systems.
