[Nrg-l] Reminder NRG Presentation: Feb/9/2009 - Monday

Jorge Londoño jmlon at cs.bu.edu
Sun Feb 8 22:30:48 EST 2009

*Speaker:* Vatche Ishakian

Ispy: detecting ip prefix hijacking on my own
Z. Zhang, Y. Zhang, Y. Hu, Z. Mao, and R. Bush

*Abstract:* IP prefix hijacking remains a major threat to the security 
of the Internet routing system due to a lack of authoritative prefix 
ownership information. Despite many efforts in designing IP prefix 
hijack detection schemes, no existing design can satisfy all the 
critical requirements of a truly effective system: real-time, accurate, 
light-weight, easily and incrementally deployable, as well as robust in 
victim notification. In this paper, we present a novel approach that 
fulfills all these goals by monitoring network reachability from key 
external transit networks to one's own network through lightweight 
prefix-owner-based active probing. Using the prefix-owner's view of 
reachability, our detection system, iSPY, can differentiate between IP 
prefix hijacking and network failures based on the observation that 
hijacking is likely to result in topologically more diverse polluted 
networks and unreachability. Through detailed simulations of Internet 
routing, 25-day deployment in 88 ASes (108 prefixes), and experiments 
with hijacking events of our own prefix from multiple locations, we 
demonstrate that iSPY is accurate with false negative ratio below 0.45% 
and false positive ratio below 0.17%. Furthermore, iSPY is truly 
real-time; it can detect hijacking events within a few minutes.

*Place and time:*
Grad lounge, 4pm

More information about the Nrg-l mailing list