PHDS: IP Prefix Hijack Detection System
Abstract
Border Gateway Protocol (BGP) is the protocol used to exchange routing information between autonomous systems (ASes) on the Internet. When BGP was developed in 1989, it was not designed with security in mind. As a result, there are many security concerns regarding BGP, and it is highly vulnerable to malicious attacks. Due to the rapid development of Internet technology, the Internet is filled with malicious users. It is not challenging to hijack someone's address space and use it for malicious activities such as denial-of-service (DoS) attacks and spamming. The aim of this research work is to identify and discuss all the techniques of BGP prefix hijacking and to design a system that can be used to detect IP prefix hijacking attacks and facilitate mitigation. In this type of hijack attack, to avoid Multiple Origin AS (MOAS) conflicts, the attacker announces a hijacked prefix with an AS number that belongs to the victim AS; this creates the illusion that the BGP speaker has a direct connection with the victim AS. To accurately detect IP prefix hijack attacks, we design a system called Prefix Hijack Detection System (PHDS). To test our system, we collected all the Autonomous Systems (ASes) of Pakistan and their prefixes using the RIPEstat API. PHDS collects BGP updates for every prefix using the RIPEstat API. To monitor all 5,845 prefixes of Pakistan, we collected 3.35 million BGP updates; all this data was collected from November 03, 2018, to November 20, 2018. We monitored these prefixes through PHDS and found that our system correctly detects all types of IP prefix hijacks. Therefore, this system is useful for early detection of IP prefix hijack attacks. PHDS detects 47,223 malicious updates out of 3.35 million BGP updates. PHDS detected 983 unique IP prefix hijack attacks from the 47,223 malicious updates. Hijacking a prefix and its AS is the most common type of attack; PHDS detected 983 prefix hijack attacks, and out of these, 898 are of the type hijack a prefix and its AS.
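The distinction the abstract draws between a MOAS conflict and an announcement that keeps the victim's AS as origin can be shown with a small classifier. This is an added example, not PHDS's implementation or code from the paper: the monitored table, the upstream-adjacency heuristic, the labels and the sample updates are assumptions, and it also covers more-specific (sub-prefix) announcements, which the abstract does not name.

```python
import ipaddress

# Constructed ground truth (RFC 5737 prefix, RFC 5398 ASNs), not data from the paper:
# monitored prefix -> (legitimate origin AS, ASes known to be its direct upstreams).
MONITORED = {"198.51.100.0/24": (64500, {64496, 64497})}

def classify(prefix, as_path, monitored=MONITORED):
    """Label one announcement; as_path is ordered so its last element is the origin AS."""
    if not as_path:
        raise ValueError("empty AS path")
    net = ipaddress.ip_network(prefix)
    # Collapse AS-path prepending so the AS adjacent to the origin is visible.
    path = [a for i, a in enumerate(as_path) if i == 0 or a != as_path[i - 1]]
    for mon_prefix, (origin, upstreams) in monitored.items():
        mon = ipaddress.ip_network(mon_prefix)
        if net.version != mon.version or not net.subnet_of(mon):
            continue
        kind = "prefix" if net == mon else "sub-prefix"
        if path[-1] != origin:
            # A different origin AS: for the exact prefix this is a MOAS conflict.
            return f"{kind} hijack" + (" (MOAS conflict)" if net == mon else "")
        if len(path) >= 2 and path[-2] not in upstreams:
            # Origin looks right, but it is reached through an AS it has no
            # known adjacency with: the origin was likely forged onto the path.
            return f"{kind} and its AS hijack"
        return "ok"
    return "not monitored"

def scan(updates):
    """Return (prefix, as_path, label) for every update that is not clean."""
    alerts = []
    for prefix, as_path in updates:
        label = classify(prefix, as_path)
        if label not in ("ok", "not monitored"):
            alerts.append((prefix, as_path, label))
    return alerts

# Constructed sample updates.
UPDATES = [
    ("198.51.100.0/24", [64510, 64496, 64500, 64500]),  # legitimate, with prepending
    ("198.51.100.0/24", [64510, 64511]),                # foreign origin
    ("198.51.100.0/24", [64510, 64511, 64500]),         # forged origin behind 64511
    ("198.51.100.128/25", [64510, 64511]),              # more specific, foreign origin
    ("203.0.113.0/24", [64510, 64511]),                 # outside the monitored set
]

if __name__ == "__main__":
    for alert in scan(UPDATES):
        print(alert)
```

The forged-origin case passes an origin-only check, which is why the example compares the AS adjacent to the origin against known upstreams; a stale upstream list turns that check into false positives.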
Copyright (c) 2021 Pakistan Journal of Engineering and Technology
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.