IP prefix hijacking detection using the collection of as characteristics

摘要

IP prefix hijacking is a well-known security threat that corrupts Internet routing tables and has some common characteristics such as MOAS conflicts and invalid routes in BGP messages. We propose a simple but effective IP prefix hijacking detection method which is based on reachability monitoring. Network reachability means a characteristic that a packet must reach the destination network although the network path is changed due to routing instability. However, when IP prefix hijacking occurs, the traffic sent to victim network does not reach the intended destination but is delivered to attacker network. By identifying the characteristics of the destination network such as network fingerprints, we can know whether the traffic reach the correct destination. In this paper, we present the method of collecting network fingerprints for verifying destination reachability and also propose an IP prefix hijacking detection method using the collected fingerprints. The IP prefix hijacking detection method based on network reachability is effective and useful, which uses a simple active probing and denotes a present network condition.