Experimental Deployment of the ARTEMIS BGP Hijacking Detection Prototype in Research and Educational Networks

In collaboration with INSPIRE group (FORTH, Greece) we will carry out a first experimental assisted deployment of our Automatic and Real-Time dEtection and Mitigation System (ARTEMIS) in selected research and educational networks in the U.S.

Sponsored by:
National Science Foundation (NSF)

Principal Investigators: Alberto Dainotti Alistair King

Funding source:  OAC-1848641 Period of performance: September 1, 2018 - August 31, 2019.


Project Summary

Automatic and Real-Time dEtection and MItigation System (ARTEMIS) offers detection and mitigation techniques for BGP prefix hijacking focusing on the following novel aspects:


• the real-time monitoring of the inter-domain routing control plane using streaming services by RIPE RIS and other data providers
• the accurate detection of regular and advanced types of BGP prefix hijacking attacks, which can be very stealthy
• the evaluation of mitigation techniques to automatically resolve hijacking incidents within few seconds.

Using ARTEMIS, a network operator will not have to rely on third party services for the detection of these attacks (with consequent loss of privacy, detection accuracy issues, and practical deployment issues), but instead will be able to autonomously instantiate defense mechanisms that are more reliable, accurate and fast.

Presentations of ARTEMIS to various popular network operator meetings (hosted by RIPE, IETF, Internet2, etc.) were met favorably. Several operators from research and educational networks agreed to collaborate with us in order to test our approach and help identify and tackle operational challenges crucial for deployment in a real operational network. Examples of such challenges are: how to perform automated configuration as the operator makes changes to its BGP policies and announced routes in different points of its network? How to perform route de-aggregation or alter BGP communities in already deaggregated routes that are normally distributed only within the operator's routing domain?

In this project we will experimentally deploy ARTEMIS in few selected operator networks supporting education, research and other no-profit activities in the US, such as Internet2, MERIT, and Great Plains Network. The main goals of our project are:


a) evaluate the ARTEMIS methods and their implementation in real operational scenarios;
b) learn and address real deployment technical issues;
c) train operators in the use of the tool and contribute to the improved security of their networks.

This project will significantly contribute to our effort to transition a prototype mainly based on theoretical foundations and controlled experiments into a real platform that can be practically used by operators to secure their networks. The results will bring a greater understanding of technical and practical challenges in deploying a reactive solution to detect and mitigate BGP hijacking attacks.

Published