On the classification and false alarm of invalid prefixes in RPKI based BGP route origin validation

被引:0
|
作者
Xu, Wenjie [1 ]
Chang, Deliang [1 ]
Li, Xing [1 ]
机构
[1] Tsinghua Univ, Dept Elect Engn, Beijing, Peoples R China
来源
2019 IFIP/IEEE SYMPOSIUM ON INTEGRATED NETWORK AND SERVICE MANAGEMENT (IM) | 2019年
关键词
BGP; RPKI; ROV;
D O I
暂无
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
BGP is the default inter- domain routing protocol in today's Internet, but has serious security vulnerabilities [1]. One of them is (sub) prefix hijacking. IETF standardizes RPKI to validate the AS origin but RPKI has a lot of problems [2] [3] [4] [5], among which is potential false alarm. Although some previous work [4] [2] points it out explicitly or implicitly, further measurement and analysis remain to be done. Our work measures and analyzes the invalid prefixes systematically. We first classify the invalid prefixes into six different types and then analyze their stability. We show that a large proportion of the invalid prefixes very likely result from traffic engineering, IP address transfer and failing to aggregate rather than real hijackings.
引用
收藏
页码:654 / 658
页数:5
相关论文
共 11 条
  • [1] On the classification and false alarm of invalid prefixes in RPKI based BGP route origin validation
    Xu, Wenjie
    Chang, Deliang
    Li, Xing
    2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019, 2019, : 654 - 658
  • [2] Measuring BGP Route Origin Registration and Validation
    Iamartino, Daniele
    Pelsser, Cristel
    Bush, Randy
    PASSIVE AND ACTIVE MEASUREMENT (PAM 2015), 2015, 8995 : 28 - 40
  • [3] Route Origin Authorization Emergency Synchronization Based on RPKI Relying Party Cache
    Wang, Yuliang
    Xu, Mingwei
    Li, Kang
    Cuiyun, Huai
    Zhang, Jiafu
    Li, Zongpeng
    Yang, Bo
    2024 INTERNATIONAL CONFERENCE ON NETWORKING AND NETWORK APPLICATIONS, NANA 2024, 2024, : 311 - 316
  • [4] False alarm classification model for network-based intrusion detection system
    Shin, MS
    Kim, EH
    Ryu, KH
    INTELLIGENT DATA ENGINEERING AND AUTOMATED LEARNING IDEAL 2004, PROCEEDINGS, 2004, 3177 : 259 - 265
  • [5] Design and experimental validation of knowledge-based constant false alarm rate detectors
    De Maio, A.
    Farina, A.
    Foglia, G.
    IET RADAR SONAR AND NAVIGATION, 2007, 1 (04): : 308 - 316
  • [6] Radar false alarm plots elimination based on multi-feature extraction and classification
    Cheng Yi
    Zhao Yan
    Yin Peiwen
    The Journal of China Universities of Posts and Telecommunications, 2024, 31 (01) : 83 - 92
  • [7] InBlock4: Blockchain-based Route Origin Validation
    Angieri, Stefano
    Bagnulo, Marcelo
    Garcia-Martinez, Alberto
    Liu, Bingyang
    Wei, XinPeng
    IEEE INFOCOM 2020 - IEEE CONFERENCE ON COMPUTER COMMUNICATIONS WORKSHOPS (INFOCOM WKSHPS), 2020, : 291 - 296
  • [8] Discrimination model using denoising autoencoder-based majority vote classification for reducing false alarm rate
    Lee, Heonyong
    Yu, Kyungtak
    Kim, Shiu
    NUCLEAR ENGINEERING AND TECHNOLOGY, 2023, 55 (10) : 3716 - 3724
  • [9] Inter-Domain Prefix and Route Validation Using Fast and Scalable DAG Based Distributed Ledger for Secure BGP Routing
    Prashanth Podili
    Sumanth Reddy Cherupally
    Srinivas Boga
    Kotaro Kataoka
    Journal of Network and Systems Management, 2022, 30
  • [10] Inter-Domain Prefix and Route Validation Using Fast and Scalable DAG Based Distributed Ledger for Secure BGP Routing
    Podili, Prashanth
    Cherupally, Sumanth Reddy
    Boga, Srinivas
    Kataoka, Kotaro
    JOURNAL OF NETWORK AND SYSTEMS MANAGEMENT, 2022, 30 (04)
12