A Prefix Hijacking Detection Model Based on the Immune Network Theory

Abstract

The prefix hijacking problem is an urgent security issue that need to address in the Border Gateway Protocol (BGP) security research. In order to solve the problem of prefix hijacking in BGP, we propose (a) new (p)refix (h)ijacking (d)etection model based on the immune network theory in this paper, called aPHD. To be specific, aPHD uses real BGP UPDATE messages for pre-training and has the ability to detect UPDATE messages in real time after pre-training. The aPHD (1) can effectively detect prefix hijacking attacks with high accuracy; (2)is easy to deployment; and (3) has a low false positive rate and low overhead. Extensive performance evaluation shows that our solution is secure and feasible. The aPHD improved the accuracy rate by 6.2% and reduced the false positive rate by 85.7%.