loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Hussain Alshamrani and Bogdan Ghita

Affiliation: Plymouth University, United Kingdom

Keyword(s): RIPE Database, ASNs and IP Prefix Delegators, Information Correlation, False Positives.

Related Ontology Subjects/Areas/Topics: Data Communication Networking ; Information and Systems Security ; Internet Technologies ; Network Protocols ; Network Security ; Telecommunications ; Wireless Network Security

Abstract: In spite of significant on-going research, the Border Gateway Protocol (BGP) still encompasses conceptual vulnerability issues regarding impersonating the ownership of IP prefixes for ASes (Autonomous Systems). In this context, a number of research studies focused on securing BGP through historical-based and statistical-based behavioural models. This paper improves the earlier IP prefix hijack detection method presented in (Alshamrani et al. 2015) by identifying false positives showing up due to the organisations that may use multiple ASNs (Autonomous System Numbers) to advertise their routes. To solve this issue, we link a Verification Database to the previously proposed detection method to improve the accuracy. The method extracts the organisation names (unique code) and associated ASNs from different ASN delegators and RIRs (Regional Internet Registries), more specifically the RIPE (Reseaux IP Europeans) dump database (John Stamatakis 2014) in order to evaluate the method. Since t he organisation name is not available in the BGP updates, the data are extracted and processed to produce a structured database (Verification DB). The algorithm excludes false positive IP prefix hijack detection events in the SFL (Suspicious Findings List) introduced in (Alshamrani et al. 2015). Finally, the algorithm is validated using the 2008 YouTube Pakistan hijack event and the Con-Edison hijack (2006); the analysis demonstrates that the improved algorithm qualitatively increases the accuracy of detecting the IP prefix hijacks, specifically reducing the false positives. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.224.70.11

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Alshamrani, H. and Ghita, B. (2016). Improving IP Prefix Hijacking Detection by Tracing Hijack Fingerprints and Verifying Them through RIR Databases. In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - DCNET; ISBN 978-989-758-196-0; ISSN 2184-3236, SciTePress, pages 57-63. DOI: 10.5220/0005934200570063

@conference{dcnet16,
author={Hussain Alshamrani. and Bogdan Ghita.},
title={Improving IP Prefix Hijacking Detection by Tracing Hijack Fingerprints and Verifying Them through RIR Databases},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - DCNET},
year={2016},
pages={57-63},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005934200570063},
isbn={978-989-758-196-0},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - DCNET
TI - Improving IP Prefix Hijacking Detection by Tracing Hijack Fingerprints and Verifying Them through RIR Databases
SN - 978-989-758-196-0
IS - 2184-3236
AU - Alshamrani, H.
AU - Ghita, B.
PY - 2016
SP - 57
EP - 63
DO - 10.5220/0005934200570063
PB - SciTePress