LDC: Detecting BGP prefix hijacking by load distribution change

Yujing Liu, Jinshu Su, Kow Chuen Chang

Research output: Chapter in book / Conference proceeding; Conference article published in proceeding or book; Academic research; peer-review

5 Citations (Scopus)

Abstract

BGP prefix hijacking remains a serious security threat to the Internet. Although many detection mechanisms have been proposed, few of them are practically deployed at large scale. Inaccuracy of detection and inefficiency of deployment are the two major causes. In this paper, based on the key observation that the distribution of traffic load to a prefix will change unusually after the prefix is hijacked, we present a system, LDC, to detect BGP prefix hijacking by passively monitoring Load Distribution Change on the direct providers of the prefix's owner, with the purpose of leveraging data-plane information to detect control-plane problems. Through a large number of simulations of hijacking attacks and AS failure events based on empirical data, we evaluate the accuracy of LDC under different deployment situations and gain useful insights about choosing the detection threshold accordingly.
Original language: English
Title of host publication: Proceedings of the 2012 IEEE 26th International Parallel and Distributed Processing Symposium Workshops, IPDPSW 2012
Pages: 1197-1203
Number of pages: 7
Publication status: Published - 18 Oct 2012
Event: 2012 IEEE 26th International Parallel and Distributed Processing Symposium Workshops, IPDPSW 2012 - Shanghai, China
Duration: 21 May 2012 to 25 May 2012

Conference

Conference: 2012 IEEE 26th International Parallel and Distributed Processing Symposium Workshops, IPDPSW 2012
Country/Territory: China
City: Shanghai
Period: 21/05/12 to 25/05/12

Keywords

  • BGP prefix hijacking
  • detection
  • direct provider
  • load distribution

ASJC Scopus subject areas

  • Software
