Sciweavers

CCS
2010
ACM

Region-based BGP announcement filtering for improved BGP security

14 years 6 months ago
Region-based BGP announcement filtering for improved BGP security
BGP prefix hijacking is a serious security threat on the Internet. In this paper we propose a region-based BGP announcement filtering scheme (RBF) to improve the BGP security. In contrast to existing solutions that indifferently prevent or detect prefix hijacking attacks, RBF enables differentiated AS and prefix filtering treatment and blends prefix hijacking prevention with deterrence. RBF is a light-weight BGP security scheme that provides strong incremental deployment incentive and better prefix hijacking deterrence. Experimental studies based on real Internet numbers allocation information and BGP traces show that RBF is a feasible and effective scheme in improving BGP security. For example, on the days without known BGP prefix hijacking attacks, only a small number of BGP announcements will be flagged as attacks. Importantly, by applying RBF to known BGP prefix hijacking attacks, we show that RBF can detect and filter both large-scale and smallscale BGP prefix hija...
Fernando Sanchez, Zhenhai Duan
Added 18 May 2010
Updated 18 May 2010
Type Conference
Year 2010
Where CCS
Authors Fernando Sanchez, Zhenhai Duan
Comments (0)