Ispy

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Ispy: detecting ip prefix hijacking on my own

Full text

Pdf (408 KB)

Source

Applications, Technologies, Architectures, and Protocols for Computer Communication archive
Proceedings of the ACM SIGCOMM 2008 conference on Data communication table of contents

Seattle, WA, USA

SESSION: Security II table of contents

Pages 327-338

Year of Publication: 2008

ISBN:978-1-60558-175-0

Also published in ...

Authors

Zheng Zhang	Purdue University, West Lafayette, USA
Ying Zhang	University of Michigan, Ann Arbor, USA
Y. Charlie Hu	Purdue University, West Lafayette, USA
Z. Morley Mao	University of Michigan, Ann Arbor, USA
Randy Bush	IIJ, Tokyo, Japan

Sponsors

ACM: Association for Computing Machinery
SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 18, Downloads (12 Months): 168, Citation Count: 1

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1402958.1402996 What is a DOI?

ABSTRACT

IP prefix hijacking remains a major threat to the security of the Internet routing system due to a lack of authoritative prefix ownership information. Despite many efforts in designing IP prefix hijack detection schemes, no existing design can satisfy all the critical requirements of a truly effective system: real-time, accurate, light-weight, easily and incrementally deployable, as well as robust in victim notification. In this paper, we present a novel approach that fulfills all these goals by monitoring network reachability from key external transit networks to one's own network through lightweight prefix-owner-based active probing. Using the prefix-owner's view of reachability, our detection system, iSPY, can differentiate between IP prefix hijacking and network failures based on the observation that hijacking is likely to result in topologically more diverse polluted networks and unreachability. Through detailed simulations of Internet routing, 25-day deployment in 88 ASes (108 prefixes), and experiments with hijacking events of our own prefix from multiple locations, we demonstrate that iSPY is accurate with false negative ratio below 0.45% and false positive ratio below 0.17%. Furthermore, iSPY is truly real-time; it can detect hijacking events within a few minutes.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	RIPE RIS. http://www.ripe.net/ris/.
	2	University of Oregon Route Views Archive Project. http://www.routeviews.org.
	3	Brice Augustin , Xavier Cuvellier , Benjamin Orgogozo , Fabien Viger , Timur Friedman , Matthieu Latapy , Clémence Magnien , Renata Teixeira, Avoiding traceroute anomalies with Paris traceroute, Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, October 25-27, 2006, Rio de Janeriro, Brazil [doi>10.1145/1177080.1177100]
	4	Hitesh Ballani , Paul Francis , Xinyang Zhang, A study of prefix hijacking and interception in the internet, Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications, August 27-31, 2007, Kyoto, Japan
	5	P. Boothe, J. Hiebert, and R. Bush. How Prevalent is Prefix Hijacking on the Internet. NANOG36 Talk, February 2006.
	6	Randy Bush , James Hiebert , Olaf Maennel , Matthew Roughan , Steve Uhlig, Testing the reachability of (new) address space, Proceedings of the 2007 SIGCOMM workshop on Internet network management, August 27-31, 2007, Kyoto, Japan [doi>10.1145/1321753.1321756]
	7	Di-Fa Chang , Ramesh Govindan , John Heidemann, Locating BGP missing routes using multiple perspectives, Proceedings of the ACM SIGCOMM workshop on Network troubleshooting: research, theory and operations practice meet malfunctioning reality, September 03-03, 2004, Portland, Oregon, USA [doi>10.1145/1016687.1016701]
	8	Hyunseok Chang , Ramesh Govindan , Sugih Jamin , Scott J. Shenker , Walter Willinger, Towards capturing representative AS-level Internet topologies, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.44 n.6, p.737-755, 22 April 2004 [doi>10.1016/j.comnet.2003.03.001]
	9	Anja Feldmann , Olaf Maennel , Z. Morley Mao , Arthur Berger , Bruce Maggs, Locating internet routing instabilities, Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications, August 30-September 03, 2004, Portland, Oregon, USA
	10	L. Gao. On Inferring Autonomous System Relationships in the Internet. In Proc. IEEE Global Internet Symposium, 2000.
	11	Y. He, G. Siganos, M. Faloutsos, and S. V. Krishnamurthy. A systematic framework for unearthing the missing links: Measurements and Impact. In Proc. NSDI, 2007.
	12	Xin Hu , Z. Morley Mao, Accurate Real-time Identification of IP Prefix Hijacking, Proceedings of the 2007 IEEE Symposium on Security and Privacy, p.3-17, May 20-23, 2007 [doi>10.1109/SP.2007.7]
	13	Yih-Chun Hu , Adrian Perrig , Marvin Sirbu, SPV: secure path vector routing for securing BGP, Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications, August 30-September 03, 2004, Portland, Oregon, USA
	14	B. Huffaker. Caida as ranking project. July, 2006, http://ww.caida.org/analysis/topology/rank_as/.
	15	Josh Karlin , Stephanie Forrest , Jennifer Rexford, Pretty Good BGP: Improving BGP by Cautiously Adopting Routes, Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols, p.290-299, November 12-15, 2006 [doi>10.1109/ICNP.2006.320179]
	16	Ethan Katz-Bassett , Harsha V. Madhyastha , John P. John , Arvind Krishnamurthy , David Wetherall , Thomas Anderson, Studying black holes in the internet with Hubble, Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, p.247-262, April 16-18, 2008, San Francisco, California
	17	S. Kent, C. Lynn, and K. Seo. Secure Border Gateway Protocol (Secure-BGP). IEEE J. Selected Areas in Communications, 18 (4):582--592, April 2000.
	18	Mohit Lad , Dan Massey , Dan Pei , Yiguo Wu , Beichuan Zhang , Lixia Zhang, PHAS: a prefix hijack alert system, Proceedings of the 15th conference on USENIX Security Symposium, July 31-August 04, 2006, Vancouver, B.C., Canada
	19	Mohit Lad , Ricardo Oliveira , Beichuan Zhang , Lixia Zhang, Understanding Resiliency of Internet Topology against Prefix Hijack Attacks, Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, p.368-377, June 25-28, 2007 [doi>10.1109/DSN.2007.95]
	20	Harsha Madhyastha , Tomas Isdal , Michael Piatek , Colin Dixon , Thomas Anderson , Arvind Krishnamurthy , Arun Venkataramani, iPlane: an information plane for distributed services, Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation, p.26-26, November 06-08, 2006, Seattle, WA
	21	Zhuoqing Morley Mao , Jennifer Rexford , Jia Wang , Randy H. Katz, Towards an accurate AS-level traceroute tool, Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, August 25-29, 2003, Karlsruhe, Germany [doi>10.1145/863955.863996]
	22	J. Ng. Extensions to BGP to Support Secure Origin BGP (soBGP). IETF Draft: draft-ng-sobgp-bgp-extensions-01.txt, November 2002.
	23	Ricardo V. Oliveira , Dan Pei , Walter Willinger , Beichuan Zhang , Lixia Zhang, In search of the elusive ground truth: the internet's as-level connectivity structure, Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, June 02-06, 2008, Annapolis, MD, USA
	24	Ricardo Oliveira , Beichuan Zhang , Dan Pei , Rafit Izhak-Ratzin , Lixia Zhang, Quantifying path exploration in the internet, Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, October 25-27, 2006, Rio de Janeriro, Brazil [doi>10.1145/1177080.1177116]
	25	J. Qiu, L. Gao, S. Ranjan, and A. Nucci. Detecting Bogus BGP Route Information: Going Beyond Prefix Hijacking. In Proc. SECURECOMM, 2007.
	26	Anirudh Ramachandran , Nick Feamster, Understanding the network-level behavior of spammers, Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications, September 11-15, 2006, Pisa, Italy
	27	Craig A. Shue , Andrew J. Kalafut , Minaxi Gupta, The web is smaller than it seems, Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, October 24-26, 2007, San Diego, California, USA [doi>10.1145/1298306.1298324]
	28	Neil Spring , Ratul Mahajan , David Wetherall , Thomas Anderson, Measuring ISP topologies with rocketfuel, IEEE/ACM Transactions on Networking (TON), v.12 n.1, p.2-16, February 2004 [doi>10.1109/TNET.2003.822655]
	29	Lakshminarayanan Subramanian , Volker Roth , Ion Stoica , Scott Shenker , Randy H. Katz, Listen and whisper: security mechanisms for BGP, Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation, p.10-10, March 29-31, 2004, San Francisco, California
	30	Renata Teixeira , Jennifer Rexford, A measurement framework for pin-pointing routing changes, Proceedings of the ACM SIGCOMM workshop on Network troubleshooting: research, theory and operations practice meet malfunctioning reality, September 03-03, 2004, Portland, Oregon, USA [doi>10.1145/1016687.1016704]
	31	Dan Wendlandt , Martin Casado , Paul Tarjan , Nick McKeown, The Clack graphical router: visualizing network software, Proceedings of the 2006 ACM symposium on Software visualization, September 04-05, 2006, Brighton, United Kingdom [doi>10.1145/1148493.1148495]
	32	Jian Wu , Ying Zhang , Z. Morley Mao , Kang G. Shin, Internet routing resilience to failures: analysis and implications, Proceedings of the 2007 ACM CoNEXT conference, December 10-13, 2007, New York, New York [doi>10.1145/1364654.1364687]
	33	Wen Xu , Jennifer Rexford, MIRO: multi-path interdomain routing, Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications, September 11-15, 2006, Pisa, Italy
	34	Ming Zhang , Chi Zhang , Vivek Pai , Larry Peterson , Randy Wang, PlanetSeer: internet path failure monitoring and characterization in wide-area services, Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation, p.12-12, December 06-08, 2004, San Francisco, CA
	35	Ying Zhang , Zheng Zhang , Zhuoqing Morley Mao , Charlie Hu , Bruce MacDowell Maggs, On the impact of route monitor selection, Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, October 24-26, 2007, San Diego, California, USA [doi>10.1145/1298306.1298336]
	36	Zheng Zhang , Ying Zhang , Y. Charlie Hu , Z. Morley Mao, Practical defenses against BGP prefix hijacking, Proceedings of the 2007 ACM CoNEXT conference, December 10-13, 2007, New York, New York [doi>10.1145/1364654.1364658]
	37	Changxi Zheng , Lusheng Ji , Dan Pei , Jia Wang , Paul Francis, A light-weight distributed scheme for detecting ip prefix hijacks in real-time, Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications, August 27-31, 2007, Kyoto, Japan