By Topic

AS-CRED: Reputation and Alert Service for Interdomain Routing

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

7 Author(s)
Jian Chang ; Department of Computer and Information Science, University of Pennsylvania, Philadelphia, PA, USA ; Krishna K. Venkatasubramanian ; Andrew G. West ; Sampath Kannan
more authors

As the backbone routing system of the Internet, the operational aspect of the interdomain routing is highly complex. Building a trustworthy ecosystem for interdomain routing requires the proper maintenance of trust relationships among tens of thousands of peer IP domains called autonomous systems (ASes). ASes today implicitly trust any routing information received from other ASes as part of border gateway protocol (BGP) updates. Such blind trust is problematic given the dramatic rise in the number of anomalous updates being disseminated, which pose grave security consequences for the interdomain routing operation. In this paper, we present AS-CRED, an AS reputation and alert service that not only detects anomalous BGP updates, but also provides a quantitative view of AS' tendencies to perpetrate anomalous behavior. AS-CRED focuses on detecting two types of anomalous updates: 1) hijacked updates where ASes announcing a prefix that they do not own, and 2) vacillating updates that are part of a quick succession of announcements and withdrawals involving a specific prefix, rendering the information practically ineffective for routing. AS-CRED works by analyzing the past updates announced by ASes for the presence of these anomalies. Based on this analysis, it generates AS reputation values that provide an aggregate and quantitative view of the AS' anomalous behavior history. The reputation values are then used in a tiered alert system for tracking any subsequent anomalous updates observed. Analyzing AS-CRED's operation with real-world BGP traffic over six months, we demonstrate the effectiveness and improvement of the proposed approach over similar alert systems.

Published in:

IEEE Systems Journal  (Volume:7 ,  Issue: 3 )