Research Article
Online Detection of Concurrent Prefix Hijacks
@INPROCEEDINGS{10.1007/978-3-319-23802-9_8, author={Shen Su and Beichuan Zhang and Binxing Fang}, title={Online Detection of Concurrent Prefix Hijacks}, proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part II}, proceedings_a={SECURECOMM}, year={2015}, month={12}, keywords={Prefix hijack False positive Online detection}, doi={10.1007/978-3-319-23802-9_8} }- Shen Su
Beichuan Zhang
Binxing Fang
Year: 2015
Online Detection of Concurrent Prefix Hijacks
SECURECOMM
Springer
DOI: 10.1007/978-3-319-23802-9_8
Abstract
Prefix hijacking is a major security threat to the global Internet routing system. Concurrent prefix hijack detection has been proven to be an effective method to defend routing security. However, the existing concurrent prefix hijack detection scheme considers no prefix ownership changes, and online concurrent prefix hijack detection endures seriously false positive. In this paper, we study the possible characters to filter out false positive events generated online by machine learning, and apply such characters in the online detection. Our result shows that our refined online concurrent prefix hijack detection can detect all offline detected events with no false positive. We also confirm that (1) neighboring ASes seldom hijack each other’s prefixes; (2) large ISPs seldom suffer from prefix hijacks or conduct hijacks.
