Online detection of concurrent prefix hijacks

Shen Su; Beichuan Zhang; Binxing Fang

doi:10.1007/978-3-319-23802-9_8

Online detection of concurrent prefix hijacks

Shen Su, Beichuan Zhang, Binxing Fang

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

Prefix hijacking is a major security threat to the global Internet routing system. Concurrent prefix hijack detection has been proven to be an effective method to defend routing security. However, the existing concurrent prefix hijack detection scheme considers no prefix ownership changes, and online concurrent prefix hijack detection endures seriously false positive. In this paper, we study the possible characters to filter out false positive events generated online by machine learning, and apply such characters in the online detection. Our result shows that our refined online concurrent prefix hijack detection can detect all offline detected events with no false positive. We also confirm that (1) neighboring ASes seldom hijack each other’s prefixes; (2) large ISPs seldom suffer from prefix hijacks or conduct hijacks.

Original language	English (US)
Title of host publication	International Conference on Security and Privacy in Communication Networks - 10th International ICST Conference, SecureComm 2014, Revised Selected Papers
Editors	Mudhakar Srivatsa, Jing Tian, Jiwu Jing
Publisher	Springer-Verlag
Pages	69-83
Number of pages	15
ISBN (Print)	9783319238012
DOIs	https://doi.org/10.1007/978-3-319-23802-9_8
State	Published - 2015
Event	10th International Conference on Security and Privacy in Communication Networks, SecureComm 2014 - Beijing, China Duration: Sep 24 2014 → Sep 26 2014

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	153
ISSN (Print)	1867-8211

Other

Other	10th International Conference on Security and Privacy in Communication Networks, SecureComm 2014
Country/Territory	China
City	Beijing
Period	9/24/14 → 9/26/14

Keywords

False positive
Online detection
Prefix hijack

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1007/978-3-319-23802-9_8

Cite this

Su, S., Zhang, B., & Fang, B. (2015). Online detection of concurrent prefix hijacks. In M. Srivatsa, J. Tian, & J. Jing (Eds.), International Conference on Security and Privacy in Communication Networks - 10th International ICST Conference, SecureComm 2014, Revised Selected Papers (pp. 69-83). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 153). Springer-Verlag. https://doi.org/10.1007/978-3-319-23802-9_8

Online detection of concurrent prefix hijacks. / Su, Shen; Zhang, Beichuan; Fang, Binxing.
International Conference on Security and Privacy in Communication Networks - 10th International ICST Conference, SecureComm 2014, Revised Selected Papers. ed. / Mudhakar Srivatsa; Jing Tian; Jiwu Jing. Springer-Verlag, 2015. p. 69-83 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 153).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Su, S, Zhang, B & Fang, B 2015, Online detection of concurrent prefix hijacks. in M Srivatsa, J Tian & J Jing (eds), International Conference on Security and Privacy in Communication Networks - 10th International ICST Conference, SecureComm 2014, Revised Selected Papers. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 153, Springer-Verlag, pp. 69-83, 10th International Conference on Security and Privacy in Communication Networks, SecureComm 2014, Beijing, China, 9/24/14. https://doi.org/10.1007/978-3-319-23802-9_8

Su S, Zhang B, Fang B. Online detection of concurrent prefix hijacks. In Srivatsa M, Tian J, Jing J, editors, International Conference on Security and Privacy in Communication Networks - 10th International ICST Conference, SecureComm 2014, Revised Selected Papers. Springer-Verlag. 2015. p. 69-83. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-319-23802-9_8

Su, Shen ; Zhang, Beichuan ; Fang, Binxing. / Online detection of concurrent prefix hijacks. International Conference on Security and Privacy in Communication Networks - 10th International ICST Conference, SecureComm 2014, Revised Selected Papers. editor / Mudhakar Srivatsa ; Jing Tian ; Jiwu Jing. Springer-Verlag, 2015. pp. 69-83 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{96c7691ace344a11b08701ebf73a2b5c,

title = "Online detection of concurrent prefix hijacks",

abstract = "Prefix hijacking is a major security threat to the global Internet routing system. Concurrent prefix hijack detection has been proven to be an effective method to defend routing security. However, the existing concurrent prefix hijack detection scheme considers no prefix ownership changes, and online concurrent prefix hijack detection endures seriously false positive. In this paper, we study the possible characters to filter out false positive events generated online by machine learning, and apply such characters in the online detection. Our result shows that our refined online concurrent prefix hijack detection can detect all offline detected events with no false positive. We also confirm that (1) neighboring ASes seldom hijack each other{\textquoteright}s prefixes; (2) large ISPs seldom suffer from prefix hijacks or conduct hijacks.",

keywords = "False positive, Online detection, Prefix hijack",

author = "Shen Su and Beichuan Zhang and Binxing Fang",

note = "Funding Information: This research was partially supported by the National Basic Research Program of China (973 Program) under grant No. 2011CB302605, the National High Technolgy Research and Development Program of China (863 Program) under grants No. 2011AA010705 and No. 2012AA012506, China Internet Network Information Center (CNNIC) under grants No. K201211043, the National Key Technology R&D Program of China under grant No. 2012BAH37B00, the National Science Foundation of China (NSF) under grants No. 61173145 and No. 61202457. Publisher Copyright: {\textcopyright} Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2015.; 10th International Conference on Security and Privacy in Communication Networks, SecureComm 2014 ; Conference date: 24-09-2014 Through 26-09-2014",

year = "2015",

doi = "10.1007/978-3-319-23802-9_8",

language = "English (US)",

isbn = "9783319238012",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer-Verlag",

pages = "69--83",

editor = "Mudhakar Srivatsa and Jing Tian and Jiwu Jing",

booktitle = "International Conference on Security and Privacy in Communication Networks - 10th International ICST Conference, SecureComm 2014, Revised Selected Papers",

}

TY - GEN

T1 - Online detection of concurrent prefix hijacks

AU - Su, Shen

AU - Zhang, Beichuan

AU - Fang, Binxing

N1 - Funding Information: This research was partially supported by the National Basic Research Program of China (973 Program) under grant No. 2011CB302605, the National High Technolgy Research and Development Program of China (863 Program) under grants No. 2011AA010705 and No. 2012AA012506, China Internet Network Information Center (CNNIC) under grants No. K201211043, the National Key Technology R&D Program of China under grant No. 2012BAH37B00, the National Science Foundation of China (NSF) under grants No. 61173145 and No. 61202457. Publisher Copyright: © Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2015.

PY - 2015

Y1 - 2015

N2 - Prefix hijacking is a major security threat to the global Internet routing system. Concurrent prefix hijack detection has been proven to be an effective method to defend routing security. However, the existing concurrent prefix hijack detection scheme considers no prefix ownership changes, and online concurrent prefix hijack detection endures seriously false positive. In this paper, we study the possible characters to filter out false positive events generated online by machine learning, and apply such characters in the online detection. Our result shows that our refined online concurrent prefix hijack detection can detect all offline detected events with no false positive. We also confirm that (1) neighboring ASes seldom hijack each other’s prefixes; (2) large ISPs seldom suffer from prefix hijacks or conduct hijacks.

AB - Prefix hijacking is a major security threat to the global Internet routing system. Concurrent prefix hijack detection has been proven to be an effective method to defend routing security. However, the existing concurrent prefix hijack detection scheme considers no prefix ownership changes, and online concurrent prefix hijack detection endures seriously false positive. In this paper, we study the possible characters to filter out false positive events generated online by machine learning, and apply such characters in the online detection. Our result shows that our refined online concurrent prefix hijack detection can detect all offline detected events with no false positive. We also confirm that (1) neighboring ASes seldom hijack each other’s prefixes; (2) large ISPs seldom suffer from prefix hijacks or conduct hijacks.

KW - False positive

KW - Online detection

KW - Prefix hijack

UR - http://www.scopus.com/inward/record.url?scp=84952320673&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84952320673&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-23802-9_8

DO - 10.1007/978-3-319-23802-9_8

M3 - Conference contribution

AN - SCOPUS:84952320673

SN - 9783319238012

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 69

EP - 83

BT - International Conference on Security and Privacy in Communication Networks - 10th International ICST Conference, SecureComm 2014, Revised Selected Papers

A2 - Srivatsa, Mudhakar

A2 - Tian, Jing

A2 - Jing, Jiwu

PB - Springer-Verlag

T2 - 10th International Conference on Security and Privacy in Communication Networks, SecureComm 2014

Y2 - 24 September 2014 through 26 September 2014

ER -

Online detection of concurrent prefix hijacks

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this