An ontological graph identification method for improving localisation of IP prefix hijacking in network systems
Date
2020
Authors
Alkadi, O.S.
Moustafa, N.
Turnbull, B.
Choo, K.K.R.
Type
Journal article
Citation
IEEE Transactions on Information Forensics and Security, 2020; 15:1164-1174
Abstract
IP prefix hijacking continues to be a pervasive cyber security threat to the core internet routing infrastructure. The data security of multiple cloud-based services is also susceptible to these threats, due to the high dependency on traditional routing protocols. Although a number of hijacking detection techniques have been recently proposed, no existing system has effectively addressed the problem of detecting malicious transit Autonomous System (AS) services in any detected hijacking occurrences. The ability to locate and isolate malicious services is critical for conducting a necessary mitigation strategy at an early stage, to minimise the impact of the attack and to restore cloud services quickly. In this paper, we propose an effective real-time processing method, so-called Ontological Graph Identification (OGI), for detecting IP prefix hijacking of nodes and suspicious transit nodes caused by the hijacked nodes through ASs. The proposed method is evaluated using the two public datasets of RIPE RIS and RouteView. Experimental results revealed improved performance for the detection of malicious transit nodes compared with peer techniques. It is, therefore, shown that the proposed method has utility in automating the process of investigating nodes with suspicious activities in real network systems.
Rights
Copyright 2019 IEEE