BGP Hijacking Classification
S. Cho, R. Fontugne, K. Cho, A. Dainotti, and P. Gill, "BGP Hijacking Classification", in Network Traffic Measurement and Analysis Conference (TMA), Jun 2019.

Shinyoung Cho (3), Romain Fontugne (2), Kenjiro Cho (2), Alberto Dainotti (1), Phillipa Gill (4)

(1) CAIDA, San Diego Supercomputer Center, University of California San Diego
(2) IIJ Research Lab
(3) Stony Brook University
(4) UMass Amherst

Recent reports show that BGP hijacking has increased substantially. BGP hijacking allows malicious ASes to obtain IP prefixes for spamming as well as for intercepting or blackholing traffic. While systems to prevent hijacks are hard to deploy and require the cooperation of many other organizations, techniques to detect hijacks have been a popular area of study. In this paper, we classify detected hijack events in order to document BGP detectors' output and understand the nature of reported events. We introduce four categories of BGP hijack: typos, prepending mistakes, origin changes, and forged AS paths. We leverage AS hegemony – a measure of dependency in AS relationships – to identify forged AS paths in a fast and efficient way. In addition, we use heuristic approaches to find common operator mistakes such as typos and AS prepending mistakes. The proposed approach classifies our collected ground truth into four categories with 95.71% accuracy. We characterize publicly reported alarms (e.g., BGPMon) with our trained classifier and find that 4%, 1%, and 2% are typos, prepending mistakes, and BGP hijacks with a forged AS path, respectively.

Keywords: routing, security, topology
  Last Modified: Thu Oct-22-2020 21:54:36 UTC