Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis
ARTEMIS: Neutralizing BGP Hijacking within a Minute
P. Sermpezis, V. Kotronis, P. Gigis, X. Dimitropoulos, D. Cicalese, A. King, and A. Dainotti, "ARTEMIS: Neutralizing BGP Hijacking within a Minute", IEEE/ACM Transactions on Networking, vol. 26, no. 6, pp. 2471--2486, Dec 2018.
|   View full paper:    PDF    DOI    Related Presentation    |  Citation:    BibTeX    Resource Catalog   |

ARTEMIS: Neutralizing BGP Hijacking within a Minute

Pavlos Sermpezis2
Vasileios Kotronis2
Petros Gigis2
Xenofontas Dimitropoulos2, 4
Danilo Cicalese1, 3
Alistair King1
Alberto Dainotti1

CAIDA, San Diego Supercomputer Center, University of California San Diego


Foundation for Research and Technology - Hellas, Institute of Computer Science (FORTH-ICS)


Telecom ParisTech


University of Crete

BGP prefix hijacking is a critical threat to Internet organizations and users. Despite the availability of several defense approaches (ranging from RPKI to popular third-party services), none of them solves the problem adequately in practice. In fact, they suffer from: (i) lack of detection comprehensiveness, allowing sophisticated attackers to evade detection, (ii) limited accuracy, especially in the case of third-party detection, (iii) delayed verification and mitigation of incidents, reaching up to days, and (iv) lack of privacy and of flexibility in post-hijack counteractions, on the side of network operators. In this work, we propose ARTEMIS (Automatic and Real-Time dEtection and MItigation System), a defense approach (a) based on accurate and fast detection operated by the AS itself, leveraging the pervasiveness of publicly available BGP monitoring services and their recent shift towards real-time streaming, thus (b) enabling flexible and fast mitigation of hijacking events. Compared to previous work, our approach combines characteristics desirable to network operators such as comprehensiveness, accuracy, speed, privacy, and flexibility. Finally, we show through real-world experiments that, with the ARTEMIS approach, prefix hijacking can be neutralized within a minute.

Keywords: passive data analysis, routing, security, software/tools, topology
  Last Modified: Tue Nov-17-2020 04:47:36 UTC
  Page URL: