Publication details


IP prefix hijack detection using BGP connectivity monitoring
Alshamrani H, Ghita BV
High Performance Switching and Routing (HPSR), 2016 IEEE 17th International Conference on, 14-17 June, Yokohama, pp 35-41, 2016

In spite of significant ongoing research, the Border Gateway Protocol (BGP) still has conceptual vulnerabilities that allow the ownership of IP prefixes belonging to ASes (Autonomous Systems) to be impersonated. In this context, a number of research studies have focused on securing BGP through historical-based and statistical-based behavioural models. This paper suggests a novel method based on tracking the connectivity of suspicious ASes, which are received from a program that traces IP prefix hijacking signatures. The paper uses a Full Cross-Validation test to investigate the accuracy of the proposed method and studies the similarities and differences between malicious and benign observations before they are classified. Classification might not be the appropriate technique to deal with IP prefix hijack detection on its own; therefore we propose to combine the two methods (signature-based and classification-based) in order to cover the limitations of both techniques. From a processing perspective, the outputs of the signature-based method are used as inputs for the classification-based method. The main features are extracted from the AS path attributes of potentially suspicious ASes. The features are considered a mixture of the behavioural characteristics of connectivity among routers. The five best supervised classifiers that were used in previous research and that suit the characteristics of the dataset are used in this paper to evaluate the detection method. Under different learning algorithms, Random Forest and J48 classifiers, the detection method is able to detect the hijacks with 81% accuracy.
