BGP hijacking classification
S. Cho, R. Fontugne, K. Cho, A. Dainotti, and P. Gill, "BGP hijacking classification", in Network Traffic Measurement and Analysis Conference (TMA), Jun 2019.

Shinyoung Cho (3), Romain Fontugne (2), Kenjiro Cho (2), Alberto Dainotti (1), Phillipa Gill (4)

(1) CAIDA, San Diego Supercomputer Center, University of California San Diego
(2) IIJ Research Lab
(3) Stony Brook University
(4) UMass Amherst

Recent reports show that BGP hijacking has increased substantially. BGP hijacking allows malicious ASes to obtain IP prefixes for spamming as well as intercepting or blackholing traffic. While systems to prevent hijacks are hard to deploy and require the cooperation of many other organizations, techniques to detect hijacks have been a popular area of study. In this paper, we classify detected hijack events in order to document BGP detectors' output and understand the nature of reported events. We introduce four categories of BGP hijack: typos, prepending mistakes, origin changes, and forged AS paths. We leverage AS hegemony (a measure of dependency in AS relationships) to identify forged AS paths in a fast and efficient way. In addition, we use heuristic approaches to find common operator mistakes such as typos and AS prepending mistakes. The proposed approach classifies our collected ground truth into four categories with 95.71% accuracy. We characterize publicly reported alarms (e.g. BGPMon) with our trained classifier and find that 4%, 1%, and 2% are typos, prepend mistakes, and BGP hijacks with a forged AS path, respectively.

Keywords: routing, security, topology
  Last Modified: Wed Jul-17-2019 12:31:58 PDT