Publication Type : Journal Article
Thematic Areas : Amrita Center for Cybersecurity Systems and Networks
Publisher : Advances in Intelligent Systems and Computing
Source : Advances in Intelligent Systems and Computing, Springer Verlag, Volume 515, p.767-775 (2017)
Url : https://www.scopus.com/inward/record.uri?eid=2-s2.0-85015951639&doi=10.1007%2f978-981-10-3153-3_76&partnerID=40&md5=3f3fe3a635ac05d23a631e2fb72eb904
ISBN : 9789811031526
Keywords : Anomaly detection, AS paths, Border gateway protocol, Computation theory, Gateways (computer networks), Intelligent computing, N-grams, Routing protocols, Weighted edit distance
Campus : Amritapuri
School : Centre for Cybersecurity Systems and Networks
Center : Cyber Security
Department : Cyber Security
Year : 2017
Abstract : BGP (Border Gateway Protocol) is one of the core internet backbone protocols, designed to address large-scale routing among ASes (Autonomous Systems) in order to ensure reachability among them. However, an attacker can inject update messages into the BGP communication from the peering BGP routers, and that routing information will be propagated across the global BGP routers. This could cause disruptions in normal routing behavior. Specially crafted BGP messages can reroute the traffic path from a source ASN to a specific destination ASN via another path; this attack is termed AS Path Hijacking. This research work focuses on detecting suspicious deviation in the AS path between a source and a destination ASN by analyzing BGP update messages collected by passive peering with the BGP routers. The research mainly focuses on identifying AS Path Hijacking by quantifying (1) how far the deviation occurred for a given AS path and (2) how credible the deviated AS path is. We propose a novel approach to calculate the deviation by employing a weighted edit distance algorithm. A probability score using n-gram frequency is used to determine the credibility of the path. Both scores are correlated to determine whether a given AS path is suspicious or not. The experimental results show that our approach is capable of identifying AS path hijacks with low false positives. © Springer Nature Singapore Pte Ltd. 2017.
Cite this Research Publication : A. U. Prem Sankar, Poornachandran, P., Ashok, A., Manu, R. K., and Hrudya, P., “B-secure: A dynamic reputation system for identifying anomalous BGP paths”, Advances in Intelligent Systems and Computing, vol. 515, pp. 767-775, 2017.
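
The two scores the abstract describes, sketched as an added example (not code from the paper or its authors). The position weights, the bigram order with add-one smoothing, the thresholds and the sample paths are all assumptions made here for illustration.

```python
from collections import Counter
import math

# Constructed sample data (documentation ASNs from RFC 5398), not real BGP updates.
BASE = [64500, 64501, 64502, 64510]      # usual path, origin AS last
ALT = [64500, 64503, 64502, 64510]       # rarer but previously seen path
HIJACK = [64500, 64501, 64511, 64510]    # detour through a never-seen AS
HISTORY = [BASE] * 8 + [ALT] * 2

def pos_weight(idx, length):
    # Assumption: edits nearer the origin AS (end of path) cost more, up to 2.0.
    return 1.0 + (idx + 1) / length

def weighted_edit_distance(base, obs):
    # Levenshtein distance over ASN sequences with position-dependent edit costs.
    n, m = len(base), len(obs)
    d = [[0.0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        d[i][0] = d[i - 1][0] + pos_weight(i - 1, n)
    for j in range(1, m + 1):
        d[0][j] = d[0][j - 1] + pos_weight(j - 1, m)
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            wi, wj = pos_weight(i - 1, n), pos_weight(j - 1, m)
            sub = 0.0 if base[i - 1] == obs[j - 1] else max(wi, wj)
            d[i][j] = min(d[i - 1][j] + wi,        # drop a baseline hop
                          d[i][j - 1] + wj,        # add an observed hop
                          d[i - 1][j - 1] + sub)   # keep or replace a hop
    return d[n][m]

def bigram_model(paths):
    # Count adjacent AS pairs and how often each AS appears as the first of a pair.
    pairs, firsts = Counter(), Counter()
    for p in paths:
        for a, b in zip(p, p[1:]):
            pairs[(a, b)] += 1
            firsts[a] += 1
    return pairs, firsts, len({asn for p in paths for asn in p})

def credibility(path, model):
    # Geometric mean of add-one-smoothed bigram probabilities along the path.
    pairs, firsts, vocab = model
    logs = [math.log((pairs[(a, b)] + 1) / (firsts[a] + vocab))
            for a, b in zip(path, path[1:])]
    return math.exp(sum(logs) / len(logs)) if logs else 1.0

def is_suspicious(base, obs, model, max_dev=1.0, min_cred=0.3):
    # Flag only when the path deviates far AND is improbable (assumed thresholds).
    return (weighted_edit_distance(base, obs) > max_dev
            and credibility(obs, model) < min_cred)
```

With this data, `ALT` deviates from the baseline but stays credible because its hops were seen before, so only `HIJACK` is flagged; requiring both scores to agree is what keeps a legitimate path change from raising an alert.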