System Detecting Border Gateway Protocol Anomalies Using Local and Remote Data
Authors: A. Starczewska, A. Nawrat, K. Daniec, J. Homa, K. Hołda
Abstract:
Border Gateway Protocol (BGP) is the main routing protocol that enables routing to be established between all autonomous systems, which are the basic administrative units of the internet. Because BGP is poorly protected, it is important to use additional BGP security systems. Many solutions to this problem have been proposed over the years, but none of them has been implemented on a global scale. This article describes a system capable of building images of the real-time BGP network topology in order to detect BGP anomalies. Our proposal performs a detailed analysis of BGP messages that arrive at local network cards, supplemented by information collected by remote collectors in different locations.
Keywords: Border Gateway Protocol, BGP, BGP hijacking, cybersecurity, detection.