PHAS: A prefix hijack alert system

Mohit Lad, Dan Massey, Dan Pei, Yiguo Wu, Beichuan Zhang, Lixia Zhang

Research output: Contribution to conferencePaperpeer-review

215 Scopus citations


In a BGP prefix hijacking event, a router originates a route to a prefix, but does not provide data delivery to the actual prefix. Prefix hijacking events have been widely reported and are a serious problem in the Internet. This paper presents a new Prefix Hijack Alert System (PHAS). PHAS is a real-time notification system that alerts prefix owners when their BGP origin changes. By providing reliable and timely notification of origin AS changes, PHAS allows prefix owners to quickly and easily detect prefix hijacking events and take prompt action to address the problem. We illustrate the effectiveness of PHAS and evaluate its overhead using BGP logs collected from RouteViews. PHAS is light-weight, easy to implement, and readily deployable. In addition to protecting against false BGP origins, the PHAS concept can be extended to detect prefix hijacking events that involve announcing more specific prefixes or modifying the last hop in the path.

Original languageEnglish (US)
Number of pages14
StatePublished - 2006
Event15th USENIX Security Symposium - Vancouver, Canada
Duration: Jul 31 2006Aug 4 2006


Conference15th USENIX Security Symposium

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality


Dive into the research topics of 'PHAS: A prefix hijack alert system'. Together they form a unique fingerprint.

Cite this