Yujing Liu,Bofeng Zhang,Wang Fei,Jinshu Su

DOI: https://doi.org/10.1109/IFCSTA.2009.119

2009-01-01

Abstract:From the aspect of inter-domain routing security, it is important to identify the critical ASes which transmit a large fraction of data traffic. By analyzing the BGP routing process under the control of routing polices and evaluating a series of Transmit factors, we realize that BGP routing system has a Hinge-Transmit property. It indicates that Tier-1 AS set is the hinge of the Internet, transmitting a large fraction of data traffic to the whole network; a subset of Tier-1 AS set with a special topological location (core AS set) is the hinge of data delivery paths to a specified destination, transmitting a large fraction of data traffic from any source to the destination. These hinge ASes are the keys of Internet security and should be protected carefully. Finally, we verify the result by Route Views routing tables. © 2009 IEEE.

Jinjing Zhao,Yan Wen,Xiang Li,Wei Peng,Feng Zhao

DOI: https://doi.org/10.1109/cit.2012.90

2012-01-01

Abstract:The AS that hijacks a prefix can black hole and intercept all the hijacked traffic and thus, cause a denial-of-service attack or a man-in-the-middle attack against the prefix owner. There have been many incidents of IP prefix hijacking by BGP protocol in the Internet. In this paper, we conduct a systematic study on the impaction prefix hijacks launched at different position in the Internet hierarchy. The Internet is classified into three hierarchiescore layer, forwarding layer and marginal layer based on the power-law and commercial relations of autonomous systems (ASes). The impaction parameter, affected ASes set Nc, is analyzed for typical prefix hijacking events in different layers. The result shows that the hierarchical nature of network influences the prefix hijacking greatly.

Yujing Liu,Bin Dai,Peidong Zhu,Jinshu Su

DOI: https://doi.org/10.1007/978-3-642-22333-4_1

2011-01-01

Abstract:BGP prefix hijacking is one serious security threat to the Internet. In a hijacking attack, the attacker tries to convince as many ASes as possible to become infectors for redirecting data traffic to him instead of the victim. It is important to understand why the impact degree of prefix hijacking differs a lot in different attacks. In this paper, we present a trust propagation model to understand how ASes choose and propagate routes in the Internet; define AS Criticality to describe the ability of an AS for transmitting routing information; and evaluate impact of prefix hijacking attacks based on this metric. From the results of a large amount of simulations and analysis of real prefix hijacking incidents that occurred in the Internet, we find that only a few ASes have very high AS Criticality, and numerous ASes have very low Criticality. There is a tight relationship between the impact of attacks and the Criticality of infectors. For prefix hijacking attack, it is impactful to convince the most critical ASes to trust the false route forged by the attacker. And for prefix hijacking defense, it is effective to convince the most critical ASes to stick to the origin route announced by the victim.

Bofeng Zhang,Yuan Li,Yujing Liu,Jinshu Su

DOI: https://doi.org/10.1109/ICNSS.2011.6060023

2011-01-01

Abstract:BGP prefix hijacking is one of the main threatens for the Internet. It is important to identify the impact factors for prefix hijacking. This paper studies the problem from the view of AS logical topology by analysis of the data from the snapshots of CAIDA. We propose a hierarchical model based on AS relationship to classify the AS nodes into different level and define core size of each node to prioritize them in each level. Two metrics named infected number and infected diameter are introduced to analyze the relationship between the logical structural characters of AS node and the impact of prefix hijacking. The results show that core size, which reflects the relation of an AS node with Tier-1 AS nodes, and AS level are two main important factors. AS nodes in higher level or with bigger core size are able to infect more nodes. However, AS node in lower level has longer infected diameters. This phenomenon indicates that the prefix hijacking with attacker in lower level is harder to detect.

Yan Yang,Xingang Shi,Xia Yin,Zhiliang Wang

DOI: https://doi.org/10.1109/trustcom.2016.0068

2016-01-01

Abstract:The correct functioning of inter-domain routing is of vital importance to the ever expanding Internet. As a common threat to the Internet, prefix hijackings often hijack traffic destined to some Autonomous Systems(ASes), leading to routing black holes or traffic interception. In this paper, we study two typical categories of prefix hijackings, namely false origin hijacking and man-in-the-middle interception, by extensive simulations. Our simulations are based on a new model which takes both the hierarchical Internet structure and the AS connectivity degrees into consideration. With this model, we explore the attacking/hijacking power of different ASes and their resisting power to this attack, where different categories of hijackings exhibit different characteristics. In addition, we also confirm that our results still hold considering various factors in the real Internet, including hidden links, prefix distribution, and RPKI, a countermeasure to prefix hijackings that is undergoing an active deployment in inter-domain routing. Some explanations and case studies are given to help better understanding of our results, which we hope will facilitate the deployment of RPKI and inspire new research.

Yan Yang,Xia Yin,Xingang Shi,Zhiliang Wang,Jiong He,Tom Z. J. Fu,Marianne Winslett

DOI: https://doi.org/10.1016/j.comnet.2019.06.017

IF: 5.493

2019-01-01

Computer Networks

Abstract:As autonomous systems tend to forward packets along the path with minimal routing cost, Internet routes are unevenly distributed on physical links. Links which a large number of routes go through are called routing bottlenecks. Flooding such routing bottlenecks can degrade or even cut off the network connectivity in a large area, making them a serious vulnerability of the Internet. In this paper, we study the characteristics of inter-domain routing bottlenecks and point out that they can be further aggravated by manipulating BGP updates to launch prefix hijackings. We first simulate large quantities of AS-level routing paths to illustrate the pervasiveness of inter-domain routing bottlenecks, as well as their direction, topological location, distance and concentration. Then, we propose a method for measuring and aggravating inter-domain bottlenecks of some AS, such that link flooding on them can be effectively amplified in a stealthy way. Moreover, adversary can adjust the specific method according to its purpose of malicious behaviour. At last, we discuss how inter-domain routing bottlenecks may be affected as the Internet evolves, where we witness the new, or wider, deployment of some routing related mechanisms.

Xingang Shi,Yang Xiang,Zhiliang Wang,Xia Yin,Jianping Wu

DOI: https://doi.org/10.1145/2398776.2398779

2012-01-01

Abstract:Border Gateway Protocol (BGP) plays a critical role in the Internet inter-domain routing reliability. Invalid routes generated by mis-configurations or forged by malicious attacks may hijack the traffic and devastate the Internet routing system, but it is unlikely that a secure BGP can be deployed in the near future to completely prevent them. Although many hijacking detection systems have been developed, they more or less have weaknesses such as long detection delay, high false alarm rate and deployment difficulty, and no systematic detection results have been studied. This paper proposes Argus, an agile system that can accurately detect prefix hijackings and deduce the underlying cause of route anomalies in a very fast way. Argus is based on correlating the control and data plane information closely and pervasively, and has been continuously monitoring the Internet for more than one year. During this period, around 40K routing anomalies were detected, from which 220 stable prefix hijackings were identified. Our analysis on these events shows that, hijackings that have only been theoretically studied before do exist in the Internet. Although the frequency of new hijackings is nearly stable, more specific prefixes are hijacked more frequently. Around 20% of the hijackings last less than ten minutes, and some can pollute 90% of the Internet in less than two minutes. These characteristics make \emph{Argus} especially useful in practice. We further analyze some representative cases in detail to help increase the understanding of prefix hijackings in the Internet.

Liu Yujing,Li Yuan,Zhang, Bofeng,Su Jinshu

DOI: https://doi.org/10.1109/icise.2010.5688973

2010-01-01

Abstract:BGP prefix hijacking is a sort of security threaten of the Internet. The current effort on hijacking defense is to deploy filters for hijacking route on the edge of the Internet. In order to reduce the deployment cost of defense filter, we proposed an AS path betweenness based filter policy. By simulating a large amount of prefix hijacking experiments, we found that deploying defense filters on the core of the Internet is an effective and efficient way to gain high resilience of the network.

Jun He,Yahui Li,Han Zhang,Ming Wang,Changqing An,Jilong Wang

DOI: https://doi.org/10.1109/icc45041.2023.10278923

2023-01-01

Abstract:Prefix hijackings have always been a significant security issue in BGP and have continued to occur in recent years. Detecting prefix hijackings is a vital part of defending against them. Most detection approaches mainly rely on the feed from the monitors of public route collector infrastructures. We propose an injected sub-prefix hijacking that utilizes the BGP communities attribute and AS path poisoning to control the propagation of invalid sub-prefix routes. This attack only pollutes neighboring ASes, thus guaranteeing the invisibility to monitors. Then the attacker can stealthily hijack traffic passing through the polluted ASes. Through extensive simulations, we show that this attack has an enormous impact and propose the crucial indicator affecting the attacker's capability. Finally, we demonstrate that existing defenses are difficult to handle this attack and then propose several defense strategies against it.

Wenping Deng,Peidong Zhu,Xicheng Lu,Bernhard Plattner

DOI: https://doi.org/10.4304/jcm.5.1.13-22

2010-01-01

Abstract:The routing system is playing a critical role in the Internet. Numerous routing security events reveal that the Internet is not so dependable yet. Some hackers even boasted that they could bring down the whole Internet in a short time. This paper investigates a new attack on BGP routing system inspired from synchronization and resonance in complex system. The attack applies routing stress by periodically injecting and propagating excessive BGP routing advertisements which are beyond the processing ability and the storage capacity of the BGP routers in the routing system. Our contributions are twofold. First, we describe a BGP routing stress attack method inspired from synchronization and resonance of complex network. Second, we devise a cascading failure model to evaluate the robustness under BGP routing stress attack on the real Internet AS-level topology. We measure the dependability and the connectivity under cascading failures with three metrics: the proportion of failed ASes, the proportion of failed links, and the proportion of disconnected AS-AS pairs. Our experimental results show that BGP routing stress attack can eventually lead to a high proportion of failures and bring about serious impacts on the connectivity of the Internet routing system.

Yujing Liu,Wei Peng,Jinshu Su

DOI: https://doi.org/10.1109/trustcom.2011.127

IF: 1.968

2013-01-01

Security and Communication Networks

Abstract:Due to the great dependence on Internet routing infrastructure, cloud services are vulnerable to IP prefix hijacking attacks which can destroy the confidentiality and integrity of user data. It is important to understand what impact a prefix hijacking attack can cause and how the number and locations of participants can affect the attacking results. In this paper, considering both attacking and detecting, we innovatively model this problem as an attack planning task, and solve it by applying a genetic algorithm. By analyzing the best solution to the problem, we find that the type of victims plays a more important role in IP prefix hijacking than that of attackers. We also find that attackers can gain great impact even when the prefixes of a small number of victims are hijacked. For attack planning, the degree of an AS is a major criterion to be considered. These findings are useful for securing cloud computing networks by preventing and eliminating IP prefix hijacking.

LI Song,ZHUGE Jian-Wei,LI Xing

DOI: https://doi.org/10.3724/sp.j.1001.2013.04346

2013-01-01

Journal of Software

Abstract:BGP is a core Internet routing protocol.The Internet inter-domain routing relies on the exchange of BGP routing information.BGP has significant vulnerabilities,which have been found to cause problems such as prefix hijacking,route leak and Internet-targeted denial of service attack.First,by analyzing BGP route propagation and BGP routing policies,the fundamental flaw in the design of the protocol is revealed.The paper then discusses possible threats to BGP and presents a route leak model,which contributes to the description of its characteristics.Second,the existing defense mechanisms for BGP security are generalized,and their shortcomings are exposed.The paper then classifies various BGP security-enhancing technologies and studies them in detail to explore their advantages and disadvantages.Finally,the research trends of BGP security are discussed in this paper.

Yang Xiang,Zhiliang Wang,Xia Yin,Jianping Wu

DOI: https://doi.org/10.1109/ICNP.2011.6089080

2011-01-01

Abstract:The de facto inter-domain routing protocol, Border Gateway Protocol (BGP), plays a critical role in the Internet routing reliability. Invalid routes generated by mis-configurations or malicious attacks will devastate the Internet routing system. In the near future, deploying a secure BGP in the Internet to completely prevent hijacking is impossible. As a result, lots of hijacking detection systems have emerged. However, they have more or less weaknesses such as long detection delay, high false alarm rate or deploy hardness. This paper proposes Argus, an agile system to fast and accurate detect prefix hijacking. Argus already keeps on running in the Internet for two months and identified several possible hijackings. Initial results show that it usually discovers a hijacking in less than ten seconds, and can significantly decrease the false alarm rate.

Wenping Deng,Peidong Zhu,Xicheng Lu

DOI: https://doi.org/10.6138/jit.2011.12.4.10

2011-01-01

Abstract:In Internet routing, an Autonomous System (AS) is a legitimate origin AS of an IP prefix only if it is authorized by the prefix owner to originate this prefix. However, on the one hand, the Border Gateway Protocol (BGP) itself cannot validate whether an AS has the authority to originate a given IP prefix; on the other hand, the routing registry information in Regional Internet Registry (RIR) or Internet Routing Registry (IRR) is incomplete and outdated. Consequently, there are lots of erroneous and prefix hijacking attacks disrupting the Internet routing. To validate whether an AS is in fact authorized to originate an IP prefix, we propose a novel approach by evaluating the trustworthiness of prefix-AS mappings from large collections of history BGP routing information. Drawing further on this, we present a scalable scheme for evaluating the trustworthiness of arbitrary prefix-AS mappings and tracing the evidences to validate these prefix announcements. We apply our methods on large-scale collections of prefix-AS mappings from continuous BGP routing snapshots of RouteViews, and verify our method with well-known prefix hijacking events. The results reveal that illegitimate prefix announcements can be detected and validated by the proposed methods.

Meng Meng,Ruijuan Zheng,Mingchuan Zhang,Junlong Zhu,Qingtao Wu

DOI: https://doi.org/10.1007/978-3-030-38961-1_12

2019-01-01

Abstract:The Border Gateway Protocol (BGP) is a vital protocol on the Internet. However, the BGP is susceptible against the prefix interception attack, how to seek a secure route against prefix interception attacks is an important problem. For this reason, we propose a novel and effective router selection method on the Internet. First, we evaluate resilience of autonomous systems against prefix interception attacks. Second, we evaluate security risk of next-hop routers and we also obtain the historical performance of next-hop routers via online learning. Finally, we compromise the two performance metrics of routers' resilience and historical performance to choose a secure route. Our method is verified by network simulations. The results show that the proposed method has more resilience against prefix interception attacks.

Qi Li,Jiajia Liu,Yih-Chun Hu,Mingwei Xu,Jianping Wu

DOI: https://doi.org/10.1109/mnet.2018.1800171

IF: 10.294

2019-01-01

IEEE Network

Abstract:The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.

Wenjie Xu,Deliang Chang,Xing Li

2019-01-01

Abstract:BGP is the default inter-domain routing protocol in today's Internet, but has serious security vulnerabilities [1]. One of them is (sub)prefix hijacking. IETF standardizes RPKI to validate the AS origin but RPKI has a lot of problems [2] [3] [4] [5], among which is potential false alarm. Although some previous work [4] [2] points it out explicitly or implicitly, further measurement and analysis remain to be done. Our work measures and analyzes the invalid prefixes systematically. We first classify the invalid prefixes into six different types and then analyze their stability. We show that a large proportion of the invalid prefixes very likely result from traffic engineering, IP address transfer and failing to aggregate rather than real hijackings.

Yujing Liu,Wei Peng,Jinshu Su,Zhilin Wang

DOI: https://doi.org/10.1007/s00354-014-0403-8

2014-01-01

New Generation Computing

Abstract:The Internet is a typical complex network, whose traffic load is controlled by the inter-domain routing system. Due to the co-location of data plane and control plane of Border Gateway Protocol, the survivability of inter-domain routing system is sensitive to severe congestion. Therefore, an initial outage may lead to a cascade of failures in the Internet. But the cascading failures on links are able to be automatically restored when the congestion is mitigated. In this paper, we propose a model - CAFEIN for characterizing this special process. Based on CAFEIN, we assess the difference of impact under intentional attacks and random breakdowns; identify the worst affected part of the Internet; and study the propagation of cascading failures. Through simulations, we find that the cascading failures bring a great deal of added burden to the routing system. However, the cascading effect is amplified globally when the relative capacity of links is very low. Moreover, the difference of impact between intentional attack and random breakdown is not as prominent as previous research due to the unique automatic-restoration process.

yujing liu,wei peng,jinshu su,zhilin wang

DOI: https://doi.org/10.1007/978-3-642-53959-6_10

2013-01-01

Abstract:The Internet is designed to bypass failures by rerouting around connectivity outages. Consequently, dynamical redistribution of loads may result in congestion in other networks. Due to the co-location of data plane and control plane traffic of Border Gateway Protocol (BGP), the survivability of inter-domain routing system is sensitive to severe congestion. Therefore, an initial outage may lead to a cascade of failures in the Internet. In this paper, we characterize the survivability of inter-domain routing system by reachability and number of rerouting messages, and propose a model for studying the relationship between the survivability and the capacity of AS links under intentional attacks and random breakdowns. Through simulations on an empirical topology of the Internet, we find that the cascading failures bring a great deal of added burden to almost all the core ASes. When the tolerance parameter of AS links is less than 0.1, the cascading effect tends to be amplified globally. Moreover, the effect triggered by intentional attack is greater than that triggered by random breakdown. But the difference between them is not as prominent as previous research due to the unique automatic-restoration process in inter-domain routing system.

Yi GUO,Haixin DUAN,Liancheng ZHANG,Han QIU

DOI: https://doi.org/10.1360/n112016-00160

2017-01-01

Abstract:BGP (border gateway protocol) based inter-domain routing systems play an important role in the Internet. However, the BGP has certain design flaws, which result in many serious security problems for inter-domain routing systems. Compared to traditional attacks, such as prefix hijacking, large-scale LDoS attacks against inter-domain routing systems are extremely hard to detect, which is reflected in its attack traffic and reactions appearing to be legal. The concealment of such attacks makes existing security solutions insufficient. In this paper, we first analyze the feasibility of utilizing similarity theory for assessing the security situations in inter-domain routing systems. We then propose a similarity-theory-based method for evaluating the security situations in inter-domain routing systems. It uses multiple characteristics to describe the system security situation collectively and evaluates the security situation by measuring the deviation degree of the security characteristics to their norms. Because the ability of each characteristic to represent different attacks is not the same, we make use of weighted similarity to assess the deviation of the fusion characteristics from their normal state at various times. Experimental results show that our method can perceive threats in their early stages, regardless of an inter-domain routing system suffering from control plan attacks or data plan attacks.