LDC: Detecting BGP Prefix Hijacking by Load Distribution Change

Bibliographic details
Main authors: Yujing Liu, Jinshu Su, Chang, R. K. C.
Format: Conference proceedings
Language: eng
Description
Summary: BGP prefix hijacking remains a serious security threat to the Internet. Although many detection mechanisms have been proposed, few of them are practically deployed on a large scale. Inaccuracy of detection and inefficiency of deployment are the two major causes. In this paper, based on the key observation that the distribution of traffic load to a prefix will change unusually after the prefix is hijacked, we present a system, LDC, to detect BGP prefix hijacking by passively monitoring Load Distribution Change on the direct providers of the prefix's owner, with the purpose of Leveraging Data-plane information to detect Control-plane problems. Through a large number of simulations of hijacking attacks and AS failure events based on empirical data, we evaluate the accuracy of LDC under different deployment situations and, moreover, gain useful insights about choosing the detection threshold accordingly.
DOI:10.1109/IPDPSW.2012.147