B-Secure: A Dynamic Reputation System for Identifying Anomalous BGP Paths

Sankar, Ananth; Poornachandran, Prabaharan; Ashok, Aravind; Manu, R. K.; Hrudya, P.

doi:10.1007/978-981-10-3153-3_76

Cited by 6 publications

(4 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Work described in [12] focuses on developing security schemes for rating AS reputation. Hence, they attempt to identify malicious or poorly managed networks.…”

Section: Related Workmentioning

confidence: 99%

Macroscopic Analysis of IoT Botnets

Almazarqi

Woodyard²,

Mursch³

et al. 2022

GLOBECOM 2022 - 2022 IEEE Global Communications Conference

View full text Add to dashboard Cite

The adoption of the IoT by modern sociotechnical systems in synergy with the rapid deployment of insecure IoT devices and services has transformed the cyber-threat landscape. Thus, the vast majority of cyberattacks are underpinned by the orchestration of compromised IoT devices that are globally distributed and controlled through carefully designed IoT botnets. Contrary to conventional belief, cybersecurity vectors instrumented by such botnets are not always uniformly distributed across Internet Autonomous Systems (ASes). By virtue of network structural characteristics imposed by each individual Autonomous System (AS) as well as the diversity in terms of ASlevel cybersecurity policies, the spatiotemporal manifestation of IoT botnets differs. In this work, we provide a novel measurement study that empirically quantifies AS tolerance of IoT botnet propagation in the global IPv4 Internet. We assess and correlate measurements gathered by globally distributed honeypots, Internet regional registries and IP blacklists for a 15-month period and observe more than 3.2M malicious events triggered by IoT botnets spanning 9.5K ASes. Our work demonstrates that ASes connected to a low number of providers are prone to embrace a high portion of malicious activities. Hence, we provide evidence on concentrated botnet activities and determine the effectiveness of widely used IP blacklists. In general, this study contributes towards empowering knowledge on large-scale cyber-attacks as being crucial for the composition of next generation data-driven cybersecurity defence applications.

show abstract

“…Work described in [12] focuses on developing security schemes for rating AS reputation. Hence, they attempt to identify malicious or poorly managed networks.…”

Section: Related Workmentioning

confidence: 99%

Macroscopic Analysis of IoT Botnets

Almazarqi

Woodyard²,

Mursch³

et al. 2022

GLOBECOM 2022 - 2022 IEEE Global Communications Conference

View full text Add to dashboard Cite

show abstract

“…ASwatch [4] 从历史现网数据中提取了自治域重连、BGP 路由动态和自治域 IP 地址碎片化 3 类特征, 使用随机森林算法训练分类器, 计算自治域的历史信誉度, 以甄别恶意自治域. 文献 [19] 提出一种用于识别异常 BGP 路径的动态信誉系统 B-secure, 基于历史 BGP 更新数据计算路径加权编辑距离与偏差概率, 以量化 BGP 路径的可信度. Arouna 等 [20] 分布式自治域信誉机制通过各自治域协同共享信息的方式获取自治域的行为信誉评价.…”

Section: 相关工作unclassified

“…• 宣告路径编辑距离 (AS-path edit distance, APED) 是自治域对某目的前缀宣告的路径差异程度的量化, 用于反映自治域发出更新事件的路径稳定性 [19,23] . 宣告路径编辑距离借鉴度量字符序列差异的字符串度量标准…”

Section: 综上现有域间路由信誉技术在两个方面存在局限性unclassified

An inter-domain routing reputation model based on autonomous domain collaboration

陈迪¹,

邱菡²,

祝凯捷³

et al. 2021

Sci. Sin.-Inf.

View full text Add to dashboard Cite

show abstract

“…Multiple such BGP incidents are reported when they are notable ones [13], [14]; often they are not reported because they cannot be always detectable, they have a limited scope, last for a short time, target a precise prefix, etc. A notable recent attack happened in 2014, when attackers have exploited such attacks to steal bitcoins [15]: the attackers were able to inject BGP routes which redirected traffic from Bitcoin miner nodes to the attackers compromised host.…”

Section: B Internet Mitm Attacksmentioning

confidence: 99%

Can MPTCP secure Internet communications from man-in-the-middle attacks?

Nguyen¹,

Phung²,

Secci³

et al. 2017

2017 13th International Conference on Network and Service Management (CNSM)

View full text Add to dashboard Cite

Multipath communications at the Internet scale have been a myth for a long time, with no actual protocol being deployed so that multiple paths could be taken by a same connection on the way towards an Internet destination. Recently, the Multipath Transport Control Protocol (MPTCP) extension was standardized and is undergoing a quick adoption in many use-cases, from mobile to fixed access networks, from data-centers to core networks. Among its major benefits -i.e., reliability thanks to backup path rerouting; throughput increase thanks to link aggregation; and confidentiality thanks to harder capacity to intercept a full connection -the latter has attracted lower attention. How interesting would it be using MPTCP to exploit multiple Internet-scale paths hence decreasing the probability of man-in-the-middle (MITM) attacks is a question to which we try to answer. By analyzing the Autonomous System (AS) level graph, we identify which countries and regions show a higher level of robustness against MITM AS-level attacks, for example due to core cable tapping or route hijacking practices.

show abstract

B-Secure: A Dynamic Reputation System for Identifying Anomalous BGP Paths

Cited by 6 publications

References 8 publications

Macroscopic Analysis of IoT Botnets

Macroscopic Analysis of IoT Botnets

An inter-domain routing reputation model based on autonomous domain collaboration

Can MPTCP secure Internet communications from man-in-the-middle attacks?

Contact Info

Product

Resources

About