ARTEMIS: Real-Time Detection and Automatic Mitigation for BGP Prefix Hijacking

Prefix hijacking is a common phenomenon in the Internet that often causes routing problems and economic losses. In this demo, we propose ARTEMIS, a tool that enables network administrators to detect and mitigate prefix hijacking incidents against their own prefixes. ARTEMIS is based on real-time monitoring of BGP data in the Internet and on software-defined networking (SDN) principles, and can completely mitigate a prefix hijacking within a few minutes (e.g., 5-6 minutes in our experiments) after it has been launched.
