iSPY: Detecting IP Prefix Hijacking on My Own
iSPY is a defense system against IP prefix hijacking.
IP prefix hijacking is an attack on the Border Gateway Protocol (BGP). BGP is the lifeblood of the Internet: it is responsible for distributing reachability information across the Internet. Prefix hijacking can cause IP prefixes to become unreachable. In the past, there have been several serious prefix hijacking incidents that targeted important prefixes, such as those of root DNS servers, Google and YouTube. However, there is no effective solution to prevent hijackings. Even detecting hijackings alone is challenging.
iSPY improves on the state of the art in prefix hijacking detection. The distinctive feature of iSPY is that, to protect a prefix, it needs to run on only one machine inside that prefix. iSPY does not require any external BGP feeds, nor does it need to run on external machines. Therefore, iSPY is easy to deploy. iSPY is also real-time and accurate. Through detailed simulations and experiments, we demonstrate that iSPY is accurate, with a false negative ratio below 0.45% and a false positive ratio below 0.17%. Furthermore, iSPY is truly real-time; it can detect hijacking events within a few minutes.
Zheng Zhang, Ying Zhang, Y. Charlie Hu, Z. Morley Mao, and Randy Bush. iSPY: Detecting IP Prefix Hijacking on My Own. Proceedings of ACM SIGCOMM'08, Seattle, WA, August 17-22, 2008. [Download the simulator and topology used in the paper].