
dc.contributor.author
Milolidakis, Alexandros
dc.contributor.author
Bühler, Tobias
dc.contributor.author
Wang, Kunyu
dc.contributor.author
Chiesa, Marco
dc.contributor.author
Vanbever, Laurent
dc.contributor.author
Vissicchio, Stefano
dc.date.accessioned
2023-05-04T09:49:41Z
dc.date.available
2023-04-29T03:03:26Z
dc.date.available
2023-05-04T09:49:41Z
dc.date.issued
2023
dc.identifier.issn
2169-3536
dc.identifier.other
10.1109/ACCESS.2023.3261128
en_US
dc.identifier.uri
http://hdl.handle.net/20.500.11850/610074
dc.identifier.doi
10.3929/ethz-b-000610074
dc.description.abstract
Routing hijack attacks have plagued the Internet for decades. After many failed mitigation attempts, recent Internet-wide BGP monitoring infrastructures relying on distributed route collection systems, called route collectors, give us hope that future monitor systems can quickly detect and ultimately mitigate hijacks. In this paper, we investigate the effectiveness of public route collectors with respect to future attackers deliberately engineering longer hijacks to avoid being recorded by route collectors. Our extensive simulations (and attacks we devise) show that monitor-based systems may be unable to observe many carefully crafted hijacks diverting traffic from thousands of ASes. Hijackers could predict whether their attacks would propagate to some BGP feeders (i.e., monitors) of public route collectors and then manipulate BGP route propagation so that the attack never reaches those monitors. This observation remains true when considering plausible future Internet topologies, with more IXP links and up to 4 times more monitors peering with route collectors. We then evaluate the feasibility of performing hijacks not observed by route collectors in the real world. We experiment with two classifiers to predict the monitors that are dangerous to report the attack to route collectors, one based on monitor proximities (i.e., shortest path lengths) and another based on Gao-Rexford routing policies. We show that a proximity-based classifier could be sufficient for the hijacker to identify all dangerous monitors for hijacks announced to peer-to-peer neighbors. For hijacks announced to transit networks, a Gao-Rexford classifier reduces wrong inferences by $\ge 91\%$ without introducing new misclassifications for existing dangerous monitors.
en_US
dc.format
application/pdf
en_US
dc.language.iso
en
en_US
dc.publisher
IEEE
en_US
dc.rights.uri
http://creativecommons.org/licenses/by/4.0/
dc.subject
BGP
en_US
dc.subject
BGP hijacking
en_US
dc.subject
stealthy IP prefix hijacking
en_US
dc.subject
inter-domain routing
en_US
dc.subject
routing policies
en_US
dc.subject
route collectors
en_US
dc.subject
forged AS path
en_US
dc.subject
BGP monitoring
en_US
dc.subject
BGPStream
en_US
dc.title
On the Effectiveness of BGP Hijackers That Evade Public Route Collectors
en_US
dc.type
Journal Article
dc.rights.license
Creative Commons Attribution 4.0 International
dc.date.published
2023-03-23
ethz.journal.title
IEEE Access
ethz.journal.volume
11
en_US
ethz.pages.start
31092
en_US
ethz.pages.end
31124
en_US
ethz.version.deposit
publishedVersion
en_US
ethz.identifier.wos
ethz.publication.place
New York, NY
en_US
ethz.publication.status
published
en_US
ethz.leitzahl
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02140 - Dep. Inf.technologie und Elektrotechnik / Dep. of Inform.Technol. Electrical Eng.::02640 - Inst. f. Technische Informatik und Komm. / Computer Eng. and Networks Lab.::09477 - Vanbever, Laurent / Vanbever, Laurent
ethz.leitzahl.certified
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02140 - Dep. Inf.technologie und Elektrotechnik / Dep. of Inform.Technol. Electrical Eng.::02640 - Inst. f. Technische Informatik und Komm. / Computer Eng. and Networks Lab.::09477 - Vanbever, Laurent / Vanbever, Laurent
ethz.date.deposited
2023-04-29T03:03:34Z
ethz.source
WOS
ethz.eth
yes
en_US
ethz.availability
Open access
en_US
ethz.rosetta.installDate
2024-02-02T22:35:00Z
ethz.rosetta.lastUpdated
2024-02-02T22:35:00Z
ethz.rosetta.versionExported
true
ethz.COinS
ctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.atitle=On%20the%20Effectiveness%20of%20BGP%20Hijackers%20That%20Evade%20Public%20Route%20Collectors&rft.jtitle=IEEE%20Access&rft.date=2023&rft.volume=11&rft.spage=31092&rft.epage=31124&rft.issn=2169-3536&rft.au=Milolidakis,%20Alexandros&B%C3%BChler,%20Tobias&Wang,%20Kunyu&Chiesa,%20Marco&Vanbever,%20Laurent&rft.genre=article&rft_id=info:doi/10.1109/ACCESS.2023.3261128&