CHARACTERIZING BGP COMMUNITY IRREGULARITIES TOWARD AN ANOMALY DETECTION ENGINE
Authors
Hardt, Alexander
Subjects
BGP
BGP communities
networking
routing
network traffic analysis
Advisors
Beverly, Robert
Date of Issue
2019-12
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
Prior work has demonstrated ways to attack the Border Gateway Protocol (BGP) system, as well as vulnerabilities in BGP and its configuration. Furthermore, BGP attacks, such as hijacking, are common in the wild, whether due to accidental misconfiguration or malicious intent. Recent work demonstrates the feasibility and potential for new BGP attacks based on the BGP community attribute (rerouting and blackholing). Very recently, there have been BGP attacks using BGP communities in the wild. The major issues with BGP communities (among others) are that there is no cryptographic protection, attribution is very difficult, and they are used both for signaling and for triggering actions. These issues present opportunities for misconfiguration and, more concerningly, abuse. Not only have BGP communities been shown to potentially allow a third party to trigger remote blackholing, but false BGP community announcements can also be used to re-route traffic to include a hop controlled by an attacker. This re-routing potentially allows an attacker to examine traffic on its way to its intended destination. Despite this rich body of prior work, no one has analyzed the use and misuse of BGP communities over time.
In this thesis, we characterize BGP community use and behavior over the course of a year to investigate the possibility of building a BGP community anomaly detector.
Type
Thesis
Department
Computer Science (CS)
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
Copyright is reserved by the copyright owner.