| The Internet is composed of many IP prefixes and autonomous systems, which interconnect by BGP(Border Gateway Protocol). Since security was not taken into consideration when BGP was designed, it is possible for an attacker to hijack the tra?c of other ASes by forging BGP routing information associated with a prefix. With the rapid growth of the Internet and the business interest of di?erent parties, prefix hijacking events have become more frequent, and have brought significant damage to the Internet. Regarding the threat of prefix hijacking, this thesis proposes better prefix hijacking detection algorithms, analyzes the influence power of di?erent hijacking events, and studies the defense strategy, so that an e?ective prefix hijacking detection and defense system can be developed. The contributions of this work include:1. We analyze the deficiency of existing hijacking detection algorithms, and designed a better algorithm based on denoising and filtering. The new algorithm achieves better detection accuracy.2. We analyze the influence power of di?erent hijacking events. We propose a new prameter called influence factor, and derive the attack and defense capabilities ofF ASes in di?erent categories. We also study one particular kind of prefix hijacking, i.e.,hijackings with anomalous AS path, by simulation, and analyze its influence in depth.3. We study the defense methods and strategies for prefix hijacking, compare their cost e?ectiveness, and also study the defense capabilities of route filtering by simulation.4. Based on Argus, a system for realtime prefix hijacking detection, we design and implement an online system for the monitoring and defense of prefix hijacking in the global Internet. Network operators may detect and eliminate prefix hijackings very quickly, so that their harm can be mitigated. |
PDF Full Text Request