Estimating the Impact of BGP Prefix Hijacking

TL;DR

This paper develops and validates practical methods to accurately estimate the impact of BGP prefix hijacking on Internet networks using network measurements and public infrastructure data.

Contribution

It introduces novel measurement-based methodologies for quantifying hijack impact, including a lightweight ping-based estimator and an infrastructure measurement approach.

Findings

The proposed methods improve impact estimation accuracy.

Analytical results reveal trade-offs and limits of measurement approaches.

Validation confirms effectiveness in real Internet hijacking scenarios.

Abstract

BGP prefix hijacking is a critical threat to the resilience and security of communications in the Internet. While several mechanisms have been proposed to prevent, detect or mitigate hijacking events, it has not been studied how to accurately quantify the impact of an ongoing hijack. When detecting a hijack, existing methods do not estimate how many networks in the Internet are affected (before and/or after its mitigation). In this paper, we study fundamental and practical aspects of the problem of estimating the impact of an ongoing hijack through network measurements. We derive analytical results for the involved trade-offs and limits, and investigate the performance of different measurement approaches (control/data-plane measurements) and use of public measurement infrastructure. Our findings provide useful insights for the design of accurate hijack impact estimation methodologies. Based on these insights, we design (i) a lightweight and practical estimation methodology that employs ping measurements, and (ii) an estimator that employs public infrastructure measurements and eliminates correlations between them to improve the accuracy. We validate the proposed methodologies and findings against results from hijacking experiments we conduct in the real Internet.