A Study Of Prefix Hijacking Defense And Detection In Inter-Domain Routing

Inter-Domain routing information received from neighbors cannot be validated, soforged routes generated by mis-configurations or malicious attacks may cause IP pack-ets to be forwarded along wrong paths. Recently, the rapid expanding of Internet scaleand stimulation of business profits, making prefix hijacking frequently happen, and Inter-Domain Routing security attracted much more attention. Many solutions have been pro-posed for hijacking defense and detection. However, since it’s hard to balance securityand efciency, secure Inter-Domain Routing protocol which aims at defending hijackinghas never been widely deployed. And since it’s hard to balance real-time and accuracy,there is still no online system/service to real-timely detect prefix hijacking. This disser-tation focuses on prefix defense and detection in the Inter-Domain Routing, and makescontributions in the following four aspects:1. Propose Inter-Domain Routing prefix hijacking protect model, AHIDR. In thispaper, we took completely summary and deeply analysis of all currently known attacksin the Inter-Domain Routing, discussed their usage to hijack prefix, and clearly definedthe scope of Inter-Domain Routing security and the protection level of various kindsof attacks. We also proposed an Inter-Domain Routing prefix hijacking protect model,AHIDR, which provides a theoretical basis for further research.2. We address the hijacking defense problem and propose an efcient secure Inter-Domain Routing protocol, FS-BGP. Based on our deeply analysis of the path characteris-tics in Inter-Domain routing, FS-BGP utilizes critical path segment attestation algorithmto efciently validate feasible path, and exploits suppressed path padding algorithm de-fending against prefix hijacking with AS-path violating routing decision, thus avoided thedilemma of balancing security and efciency. Theoretical analysis shows that FS-BGPmeets the definition of hijacking defense in AHIDR. Our experiments used real BGP Up-dates announced by dozens of backbone routers in eight months, results show that cost inFS-BGP are reduced by two orders of magnitude compare with existing proposals withthe same security level.3. We address the hijacking detection problem and propose a fast and accuratehijacking detection algorithm RACE. RACE creatively utilized the correlation betweencontrol-plane routing status and data-plane reachability on the spatial dimension, avoided large delay in existing methods by utilizing anomaly detection on the time dimension,and also avoided the natural defects of accuracy when only exploit status information inone plane. The result of detection practice shows that RACE can identify prefix hijackingin real-time, and authoritative data sources also validate its false rate is very low. RACEmeets the definition of hijacking detection in AHIDR, and for the first time address thehijacking attack by forging routing policy.4. Launch the first real-time hijacking detection system, Argus, which can moni-tor global Internet and unsupervised detect hijacking. Based on RECE advantages andhacking optimization, Argus has already real-time monitoring the global Internet for twoyears. For the first time we accurately detected lots of real hijackings, and got the firsthijacking report for the Internet. Real hijacking cases demonstrated that our real-timealerting service helped network operator to rescue mis-configuration. Since Argus pro-vided lots of valuable detection data, it received the first Communication ContributionAward issued by ACM IMC.Detecting and defending prefix hijacking by Argus and FS-BGP, will create a secureInter-Domain Routing environment.