TowerDefense: Deployment Strategies for Battling against IP Prefix Hijacking

Files
GT-CS-10-08.pdf (314.05 KB)
Author(s)
Qiu, Tongqing
Ji, Lusheng
Pei, Dan
Wang, Jia
Xu, Jun
Advisor(s)
Editor(s)
Associated Organization(s)
Organizational Unit
Organizational Unit
School of Computer Science
School established in 2007
Series
Series
Series
Collections
Research Publications
Supplementary to:
Permanent Link
http://hdl.handle.net/1853/35003
Abstract
IP prefix hijacking is known as one of the top security threats targeting today's Internet routing infrastructure. Several schemes have been proposed to either detect or mitigate prefix hijacking events. However, none of these approaches is adopted and deployed in large-scale on the Internet due to reasons such as scalability, economical practicality, or unrealistic assumptions about the collaborations among ISPs. As a result, there is lack of actionable and deployable solutions for dealing with prefix hijacking. In this paper, we study key issues related to deploying and operating an IP prefix hijacking detection and mitigation system. Our contributions include (i) deployment strategies for hijacking detection and mitigation system (named as TOWERDEFENSE ): a practical service model for prefix hijacking protection and effective algorithms for selecting agent locations for detecting and mitigating prefix hijacking attacks; and (ii) large scale experiments on PlanetLab and extensive analysis on the performance of TOWERDEFENSE. We demonstrate that, by using only a few agents, TOWERDEFENSE can detect and mitigate prefix hijacking with up to 99.8% and 98.2% success ratios respectively.
Sponsor
Date
2010
Extent
Resource Type
Text
Resource Subtype
Technical Report
Rights Statement
Rights URI