Detection of BGP routing misbehavior against cyber-terrorism

Georgos Siganos, Michails Faloutsos

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Attacks at the control and routing plane may be the next generation of threats for the Internet. Manipulation of the routing layer could originate from profiteering, malice, or simply human error. The community has recognized this danger and several promising approaches have been proposed to capture and block routing anomalies. In practice, the difficulty of deploying such approaches limits their usefulness. Our goal is to develop a scheme that can have immediate impact today. In this light, we propose a reactive approach that can help reduce the extent and impact of routing misbehaviors. We develop an approach and a tool to act as an expert advisor that will flag suspicious updates. Our main motivation is that problems spread quickly, so quick reaction is imperative. Additionally, the volume of routing updates makes it impossible for human operators to manually identify malicious updates. Our approach uses the policies that Autonomous Systems register in the Internet Routing Registries. We use the policy of an AS as found in these registries to detect deviations between the intended policy and the actual policy seen in BGP. As a proof of concept, we use the RIPE registry to monitor the European Internet routing for ten days. With our approach, we are able to confirm the validity of the origin AS of 97% of the updates, while suggesting the need for further analysis of the remaining 3% of the updates.
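The origin-AS comparison the abstract describes can be sketched as follows. This is an added example, not the authors' tool: it assumes the registered intent is read from RPSL `route` objects (`route:` / `origin:` attributes) and that each BGP update has been reduced to a prefix and an AS path; all prefixes, ASNs and verdict names are constructed.

```python
import ipaddress
from collections import Counter

# Constructed RPSL route objects (documentation prefixes, reserved ASNs).
IRR_DUMP = """\
route:   192.0.2.0/24
origin:  AS64500

route:   198.51.100.0/24
origin:  AS64501

route:   198.51.100.0/24
origin:  AS64502   # second registered origin for the same prefix
"""

# Constructed BGP updates reduced to (announced prefix, AS path).
UPDATES = [
    ("192.0.2.0/24", [64510, 64500]),
    ("198.51.100.0/24", [64510, 64502]),
    ("192.0.2.0/24", [64510, 64666]),
    ("192.0.2.128/25", [64510, 64500]),
    ("203.0.113.0/24", [64510, 64503]),
]

def parse_route_objects(text):
    """Map each registered prefix to the set of origin ASNs registered for it."""
    registered, prefix = {}, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        value = value.split("#")[0].strip()
        if key.strip().lower() in ("route", "route6"):
            prefix = ipaddress.ip_network(value)
        elif key.strip().lower() == "origin" and prefix is not None:
            registered.setdefault(prefix, set()).add(int(value[2:]))
            prefix = None
    return registered

def classify(prefix, as_path, registered):
    """Compare the origin AS seen in BGP (last hop of the path) with the registry."""
    net, origin = ipaddress.ip_network(prefix), as_path[-1]
    if origin in registered.get(net, ()):
        return "confirmed"
    covering = [r for r in registered
                if r.version == net.version and net.subnet_of(r)]
    if not covering:
        return "unregistered"        # no registered intent to compare against
    if any(origin in registered[r] for r in covering):
        return "confirmed-covering"  # more-specific of a registered route
    return "origin-mismatch"         # registry names a different origin AS

def triage(updates, registered):
    """Count updates per verdict; anything not confirmed needs further analysis."""
    return Counter(classify(p, path, registered) for p, path in updates)
```

Calling `triage(UPDATES, parse_route_objects(IRR_DUMP))` separates the updates whose origin matches the registry from those that need an analyst's attention.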

Original language: English
Title of host publication: Proceedings - IEEE Military Communications Conference MILCOM
Volume: 2005
DOIs: https://doi.org/10.1109/MILCOM.2005.1605798
Publication status: Published - 1 Dec 2005
Externally published: Yes
Event: MILCOM 2005: Military Communications Conference 2005 - Atlantic City, NJ, United States
Duration: 17 Oct 2005 → 20 Oct 2005

Other

Other: MILCOM 2005: Military Communications Conference 2005
Country: United States
City: Atlantic City, NJ
Period: 17/10/05 → 20/10/05

Fingerprint

Terrorism
Internet

ASJC Scopus subject areas

  • Civil and Structural Engineering
  • Electrical and Electronic Engineering

Cite this

Siganos, G., & Faloutsos, M. (2005). Detection of BGP routing misbehavior against cyber-terrorism. In Proceedings - IEEE Military Communications Conference MILCOM (Vol. 2005). [1605798] https://doi.org/10.1109/MILCOM.2005.1605798

@inproceedings{4247a84bc7f04726be60b9fd7f085cd8,
title = "Detection of BGP routing misbehavior against cyber-terrorism",
author = "Georgos Siganos and Michails Faloutsos",
year = "2005",
month = "12",
day = "1",
doi = "10.1109/MILCOM.2005.1605798",
language = "English",
isbn = "0780393937",
volume = "2005",
booktitle = "Proceedings - IEEE Military Communications Conference MILCOM",

}

TY - GEN

T1 - Detection of BGP routing misbehavior against cyber-terrorism

AU - Siganos, Georgos

AU - Faloutsos, Michails

PY - 2005/12/1

Y1 - 2005/12/1

UR - http://www.scopus.com/inward/record.url?scp=33847407462&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33847407462&partnerID=8YFLogxK

U2 - 10.1109/MILCOM.2005.1605798

DO - 10.1109/MILCOM.2005.1605798

M3 - Conference contribution

SN - 0780393937

SN - 9780780393936

VL - 2005

BT - Proceedings - IEEE Military Communications Conference MILCOM

ER -