Detection of BGP routing misbehavior against cyber-terrorism

Georgos Siganos, Michalis Faloutsos

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

3 Citations (Scopus)

Abstract

Attacks at the control and routing plane may be the next generation of threats for the Internet. Manipulation of the routing layer could originate from profiteering, malice, or simply human error. The community has recognized this danger and several promising approaches have been proposed to capture and block routing anomalies. In practice, the difficulty of deploying such approaches limits their usefulness. Our goal is to develop a scheme that can have immediate impact today. In this light, we propose a reactive approach that can help reduce the extent and impact of routing misbehaviors. We develop an approach and a tool to act as an expert advisor that will flag suspicious updates. Our main motivation is that problems spread quickly, so quick reaction is imperative. Additionally, the volume of routing updates makes it impossible for human operators to manually identify malicious updates. Our approach uses the policies that Autonomous Systems register in the Internet Routing Registries. We use the policy of an AS as found in these registries to detect deviations between the intended policy and the actual policy seen in BGP. As a proof of concept, we use the RIPE registry to monitor the European Internet routing for ten days. With our approach, we are able to confirm the validity of the origin AS of 97% of the updates, while suggesting the need for further analysis of the remaining 3% of the updates.

Original language: English
Title of host publication: Proceedings - IEEE Military Communications Conference MILCOM
Volume: 2005
DOIs: https://doi.org/10.1109/MILCOM.2005.1605798
Publication status: Published - 1 Dec 2005
Externally published: Yes
Event: MILCOM 2005: Military Communications Conference 2005 - Atlantic City, NJ, United States
Duration: 17 Oct 2005 to 20 Oct 2005

Other

Other: MILCOM 2005: Military Communications Conference 2005
Country: United States
City: Atlantic City, NJ
Period: 17/10/05 to 20/10/05

ASJC Scopus subject areas

  • Civil and Structural Engineering
  • Electrical and Electronic Engineering

Cite this

Siganos, G., & Faloutsos, M. (2005). Detection of BGP routing misbehavior against cyber-terrorism. In Proceedings - IEEE Military Communications Conference MILCOM (Vol. 2005). [1605798] https://doi.org/10.1109/MILCOM.2005.1605798