Dr Hussain Alshamrani
Brief biographical firstname.lastname@example.org
Detecting IP prefix hijack events using BGP activity and AS connectivity analysis
Border Gateway Protocol (BGP4) is currently the standard protocol for core Internet interconnection. Together with its popularity, BGP also has a number of drawbacks, particularly linked to peer trust and policy-based routing. The original protocol was enhanced with a number of features such as route dampening, maximum prefix and AS_PATH length limiting, and prefix filtering, which unfortunately also limit node flexibility, and do not address the fundamental problem of peer misbehaviour. Overlay security solutions have also been proposed for the inherently weak BGP security - Secure Broad Gateway protocol (S-BGP) and Secure Origin Broad Gateway Protocol (soBGP) both addressing partially some of the issues but, due to implementation challenges, only tested from a theoretical perspective. An additional strand of research currently emerging, BGP misbehaviour detection, provides a less intrusive option of observing the traffic and identifying abnormal behaviour.Dr Hussain Alshamrani
The aim of this project is to design a mechanism that detects peer misbehaviour in BGP infrastructures. The mechanism would use BGP route updates as input and apply statistical and AI-based analysis of the content and levels of update messages received; the output of the mechanism would be a node trustworthiness index. The proposed method will be evaluated on a number of scenarios, using a combination of publicly-available BGP data and network simulation environments. Finally, the system will be integrated in a BGP system-based monitoring architecture that would bring together the detection, decision, and policing elements, converting the BGP updates and subsequent misbehaviour detection into routing policies and bias for a specific BGP node.
Director of studies: Dr Bogdan Ghita
Other supervisors: Dr David Lancaster
IP Prefix Hijack Detection Using BGP Attack Signatures and Connectivity Tracking
IP prefix hijack detection using BGP connectivity monitoring
2 Conference papers
2 publication(s) - all categories.