DeepAI AI Chat
Log In Sign Up

Oscilloscope: Detecting BGP Hijacks in the Data Plane

by   Tobias Bühler, et al.

The lack of security of the Internet routing protocol (BGP) has allowed attackers to divert Internet traffic and consequently perpetrate service disruptions, monetary frauds, and even citizen surveillance for decades. State-of-the-art defenses rely on geo-distributed BGP monitors to detect rogue BGP announcements. As we show, though, attackers can easily evade detection by engineering their announcements. This paper presents Oscilloscope, an approach to accurately detect BGP hijacks by relying on real-time traffic analysis. As hijacks inevitably change the characteristics of the diverted traffic, the key idea is to track these changes in real time and flag them. The main challenge is that "normal" Internet events (e.g., network reconfigurations, link failures, load balancing) also change the underlying traffic characteristics - and they are way more frequent than hijacks. Naive traffic analyses would hence lead to too many false positives. We observe that hijacks typically target a subset of the prefixes announced by Internet service providers and only divert a subset of their traffic. In contrast, normal events lead to more uniform changes across prefixes and traffic. Oscilloscope uses this observation to filter out non-hijack events by checking whether they affect multiple related prefixes or not. Our experimental evaluation demonstrates that Oscilloscope quickly and accurately detects hijacks in realistic traffic traces containing hundreds of events.


Impact of Evolving Protocols and COVID-19 on Internet Traffic Shares

The rapid deployment of new Internet protocols over the last few years a...

Watching the Watchers: Nonce-based Inverse Surveillance to Remotely Detect Monitoring

Internet users and service providers do not often know when traffic is b...

On Blowback Traffic on the Internet

This paper considers the phenomenon where a single probe to a target gen...

A Survey of Real-Time Social-Based Traffic Detection

Online traffic news web sites do not always announce traffic events in a...

Expect More from the Networking: DDoS Mitigation by FITT in Named Data Networking

Distributed Denial of Service (DDoS) attacks have plagued the Internet f...

Decrypting SSL/TLS traffic for hidden threats detection

The paper presents an analysis of the main mechanisms of decryption of S...

RCNF: Real-time Collaborative Network Forensic Scheme for Evidence Analysis

Network forensic techniques help in tracking different types of cyber at...