Region-based BGP Announcement Filtering for Improved BGP Security
BGP prefix hijacking is a serious security threat on the Internet. In this paper we propose a region-based BGP announcement filtering scheme (RBF) to improve BGP security. In contrast to existing solutions that indifferently prevent or detect prefix hijacking attacks, RBF enables differentiated AS and prefix filtering treatment and blends prefix hijacking prevention with deterrence. RBF is a light-weight BGP security scheme that provides strong incremental deployment incentive and better prefix hijacking deterrence. Experimental studies based on real Internet numbers allocation information and BGP traces show that RBF is a feasible and effective scheme in improving BGP security. For example, on the days without known BGP prefix hijacking attacks, only a small number of BGP announcements will be flagged as attacks. Importantly, by applying RBF to known BGP prefix hijacking attacks, we show that RBF can detect and filter both large-scale and small-scale BGP prefix hijacking attacks even if only a single prefix is hijacked.
BGP; BGP Security; Network Prefix Hijacking
Fernando Sanchez, Zhenhai Duan
Florida State University
International conference
Beijing
English
89-100
2010-04-13 (date first made available online on the Wanfang platform; does not represent the paper's publication date)