Visual analytics for BGP monitoring and prefix hijacking identification

Biersack, Ernst W; Jacquemart, Quentin; Fischer, Fabian; Fuchs, Johannes; Thonnard, Olivier; Theodoridis, Georgios; Tzovaras, Dimitrios; Vervier, Pierre-Antoine

The control plane of the Internet relies entirely on BGP as inter-domain routing protocol to maintain and exchange routing information between large network providers and their customers. However, an intrinsic vulnerability of the protocol is its inability to validate the integrity and correctness of routing information exchanged between peer routers.
As a result, it is relatively easy for people with malicious intent to steal legitimate IP blocks through an attack known as prefix hijacking, which essentially consists in injecting bogus routing information into the system to redirect or subvert network traffic.In this paper, we give a short survey of visualization methods that have been developed for BGP monitoring, in particular for the identification of prefix hijacks. Our goal is to illustrate how network visualization has the potential to assist an analyst in detecting abnormal routing patterns in massive amounts of BGP data. Finally, we present an analysis of a real validated case of prefix hijacking, which took place between April and August 2011. We use this hijack case study to illustrate the ongoing work carried out in VIS-SENSE, a European research project that leverages visual analytics to develop more effective tools for BGP monitoring and prefix hijack detection.

Sécurité numérique
Eurecom Ref:
© 2012 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.