Real-time system for detecting inter-domain routing man-in-the-middle attacks

doi:10.16511/j.cnki.qhdxxb.2015.21.017

Abstract
Figures/Tables
References
Related Articles
Metrics

Download: PDF(1290 KB)
Export: BibTeX | EndNote | Reference Manager | ProCite | RefWorks

Abstract Man-in-the-middle attacks have become a new serious threat to inter-domain routing. This paper presents a real-time system for detecting inter-domain routing man-in-the-middle attacks based on an analysis of a threat model and key features in the control plane and the data plane. The detection system first monitors the anomalous route in the control plane and then probes the data plane to identify the inter-domain routing man-in-the-middle attack. Internet tests show that the detection system is light-weight and effectively detects probable man-in-the-middle attacks in inter-domain routing in real time.

Keywords inter-domain routing prefix hijacking man-in-the-middle attack detection

ZTFLH:

TP393.4

Issue Date: 15 November 2015

	Service

	E-mail this article
	E-mail Alert
	RSS
	Articles by authors

	LI Song
	DUAN Haixin
	LI xing

Cite this article:

LI Song,DUAN Haixin,LI xing. Real-time system for detecting inter-domain routing man-in-the-middle attacks[J]. Journal of Tsinghua University(Science and Technology), 2015, 55(11): 1229-1234.

URL:

http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2015.21.017 OR http://jst.tsinghuajournals.com/EN/Y2015/V55/I11/1229

[1] 黎松, 诸葛建伟, 李星. BGP安全研究[J]. 软件学报, 2013, 24(1):121-138.Li S, Zhuge J W, Li X. Study on BGP security[J]. Ruanjian Xuebao/Journal of Software, 2013, 24(1):121-138.(in Chinese)
[2] Hiran R, Carlsson N, Gill P. Characterizing large-scale routing anomalies:A case study of the China Telecom incident[J]. Lecture Notes in Computer Science, 2013:229-238.
[3] Dyn Research. The new threat:Targeted internet traffic misdirection[EB/OL].(2013-11-19). http://research.dyn.com/2013/11/mitm-internet-hijacking.
[4] Dyn Research. Uk traffic diverted through Ukraine[EB/OL].(2015-3-13). http://research.dyn.com/2015/03/uk-traffic-diverted-ukraine.
[5] Hu X, Mao Z M. Accurate real-time identification of IP prefix hijacking[C]//Security and Privacy, 2007. Oakland, California, USA:IEEE, 2007:3-17.
[6] Zhang Z, Zhang Y, Hu Y C, et al. iSPY:Detecting IP prefix hijacking on my own[J]. IEEE/ACM Transactions on Networking(TON), 2010, 18(6):1815-1828.
[7] Xiang Y, Wang Z, Yin X, et al. Argus:An accurate and agile system to detecting IP prefix hijacking[C]//Proc 19th IEEE International Conf Network Protocols. Vancouver, BC, Canada:IEEE, 2011:43-48.
[8] Ballani H, Francis P, Zhang X. A study of prefix hijacking and interception in the internet[J]. ACM Sigcomm Computer Communication Review, 2007, 37(4):265-276.
[9] Zhang Y, Pourzandi M. Studying impacts of prefix interception attack by exploring BGP AS-PATH prepending[C]//Proc 32nd IEEE International Conf Distributed Computing Systems. Macau, China:IEEE, 2012:667-677.
[10] Zheng C, Ji L, Pei D, et al. A light-weight distributed scheme for detecting ip prefix hijacks in real-time[J]. ACM Sigcomm Computer Communication Review, 2007, 37(4):277-288.
[11] Zhao X, Pei D, Wang L, et al. An analysis of BGP multiple origin AS(MOAS) conflicts[C]//Proc 1st ACM SIGCOMM Workshop on Internet Measurement. San Francisco, California, USA:ACM, 2001:31-35.
[12] Colorado State University. Welcome to BGPmon[DB/OL].[2015-08-18] http://www.bgpmon.io.
[13] University of Oregon's Advanced Network Technology Center. University of oregon route views project[DB/OL].[2015-08-18] http://www.routeviews.org.
[14] Jared Mauch. Open DNS Resolver Project[DB/OL].[2015-08-18] http://openresolverproject.org.
[15] Madhyastha H V, Isdal T, Piatek M, et al. iPlane:An information plane for distributed services[C]//Proc 7th symposium on Operating systems design and implementation. Seattle, WA, USA:USENIX Association, 2006:367-380.
[16] China Education and Research Network Center. CERNET-中国教育和科研计算机网[EB/OL].[2015-08-18] http://www.edu.cn/cernet_fu_wu/.
[17] Gao L. On inferring autonomous system relationships in the Internet[J]. IEEE/ACM Transactions on Networking(ToN), 2001, 9(6):733-745.
[18] Center for Applied Internet Data Analysis. The caida ucsd as-relationships[DB/OL].[2015-08-01] http://data.caida.org/datasets/as-relationships/serial-1.

[1]	JIANG Huiling, BAI Gali, ZHOU Zheng, DENG Qing, TENG Jie, ZHANG Yue, ZHOU Liang, ZHOU Zhengqing. An arc fault detection method based on a one-dimensional dilated convolutional neural network[J]. Journal of Tsinghua University(Science and Technology), 2024, 64(3): 492-501.
[2]	ZHANG Zhitian, WANG Yuanyuan, LUO Zhub, GUO Ziyang, GUO Hongling. Automatic detection of hazardous scenarios during spatial interaction between tower cranes and workers[J]. Journal of Tsinghua University(Science and Technology), 2024, 64(2): 198-204.
[3]	XIE Tian, YU Lingyun, LUO Changwei, XIE Hongtao, ZHANG Yongdong. Survey of deep face manipulation and fake detection[J]. Journal of Tsinghua University(Science and Technology), 2023, 63(9): 1350-1365.
[4]	HUANG Ben, KANG Fei, TANG Yu. A real-time detection method for concrete dam cracks based on an object detection algorithm[J]. Journal of Tsinghua University(Science and Technology), 2023, 63(7): 1078-1086.
[5]	LI Jialong, Chen Yongcan, LI Yonglong, WANG Haoran, XIE Hui. Design and detection efficiency analysis of desilting replacement module in sediment accumulation environment[J]. Journal of Tsinghua University(Science and Technology), 2023, 63(7): 1104-1112.
[6]	LI Kaiyuan, YUAN Hongyong, CHEN Tao, HUANG Lida. Tunable diode laser absorption spectroscopy (TDLAS)-based optical probe initial fire detection system[J]. Journal of Tsinghua University(Science and Technology), 2023, 63(6): 910-916.
[7]	GONG Qin, WANG He, ZHU Min, WANG Huimin, MA Tao, DING Dongxiang. Development of a personalized tinnitus detection and treatment instrument[J]. Journal of Tsinghua University(Science and Technology), 2023, 63(12): 2076-2084.
[8]	ZHOU Kai, ZHANG Ruizhe, YE Kuan, LI Hongda, WANG Zhe, HUANG Songling. Electromagnetic ultrasonic SH guided wave detection method for grounded flat steel defects based on synchrosqueezed wavelet transforms[J]. Journal of Tsinghua University(Science and Technology), 2022, 62(12): 2013-2020.
[9]	LUO Wangda, LIU Yuhan, LIANG Bin, XU Ruifeng. Answer stance detection based on recurrent interactive attention network[J]. Journal of Tsinghua University(Science and Technology), 2021, 61(9): 913-919.
[10]	GAO Yang, WANG Mengli, CHU Henglin. Threat space reduction method for satellite navigation signal distortion model[J]. Journal of Tsinghua University(Science and Technology), 2021, 61(9): 1008-1014.
[11]	MEI Jie, LI Qingbin, CHEN Wenfu, WU Kun, TAN Yaosheng, LIU Chunfeng, WANG Dongmin, HU Yu. Overtime warning of concrete pouring interval based on object detection model[J]. Journal of Tsinghua University(Science and Technology), 2021, 61(7): 688-693.
[12]	ZHOU Xiaotong, ZHANG Rong. Ring-diode capacitance detection circuit characteristics[J]. Journal of Tsinghua University(Science and Technology), 2021, 61(6): 653-658.
[13]	GAO Yang, REN Wang, WU Renpu, WANG Weiping, YI Shengwei, HAN Baijing. Attack detection and security state estimation of cyber-physical systems[J]. Journal of Tsinghua University(Science and Technology), 2021, 61(11): 1234-1239.
[14]	GUAN Zhibin, WANG Xiaomeng, XIN Wei, WANG Jiajie. Data generation and annotation method for source code defect detection[J]. Journal of Tsinghua University(Science and Technology), 2021, 61(11): 1240-1245.
[15]	WANG Xiaomeng, GUAN Zhibin, XIN Wei, WANG Jiajie. Source code defect detection using deep convolutional neural networks[J]. Journal of Tsinghua University(Science and Technology), 2021, 61(11): 1267-1272.

Viewed

Full text

Abstract

Cited

Shared

Discussed