55 research outputs found

    Detecting IP prefix hijack events using BGP activity and AS connectivity analysis

    The Border Gateway Protocol (BGP), the main component of core Internet connectivity, suffers vulnerability issues related to the impersonation of the ownership of IP prefixes for Autonomous Systems (ASes). In this context, a number of studies have focused on securing the BGP through several techniques, such as monitoring-based, historical-based and statistical-based behavioural models. In spite of the significant research undertaken, the proposed solutions cannot detect the IP prefix hijack accurately or even differentiate it from other types of attacks that could threaten the performance of the BGP. This research proposes three novel detection methods aimed at tracking the behaviour of BGP edge routers and detecting IP prefix hijacks based on statistical analysis of variance, the attack signature approach and a classification-based technique. The first detection method uses statistical analysis of variance to identify hijacking behaviour through the normal operation of routing information being exchanged among routers and their behaviour during the occurrence of IP prefix hijacking. However, this method failed to find any indication of IP prefix hijacking because of the difficulty of having raw BGP data hijacking-free. The research also proposes another detection method that parses BGP advertisements (announcements) and checks whether IP prefixes are announced or advertised by more than one AS. If so, events are selected for further validation using Regional Internet Registry (RIR) databases to determine whether the ASes announcing the prefixes are owned by the same organisation or different organisations. Advertisements for the same IP prefix made by ASes owned by different organisations are subsequently identified as hijacking events. The proposed algorithm of the detection method was validated using the 2008 YouTube Pakistan hijack event; the analysis demonstrates that the algorithm qualitatively increases the accuracy of detecting IP prefix hijacks. 
The algorithm is very accurate as long as the RIRs (Regional Internet Registries) are updated concurrently with hijacking detection. The detection method can be integrated and work with BGP routers separately. Another detection method is proposed to detect IP prefix hijacking using a combination of signature-based (parsing-based) and classification-based techniques. The parsing technique is used as a pre-processing phase before the classification-based method. Some features are extracted based on the connectivity behaviour of the suspicious ASes given by the parsing technique. In other words, this detection method tracks the behaviour of the suspicious ASes and follows up with an analysis of their interaction with directly and indirectly connected neighbours based on a set of features extracted from the ASPATH information about the suspicious ASes. Before sending the extracted feature values to the best five classifiers that can work with the specifications of an implemented classification dataset, the detection method computes the similarity between benign and malicious behaviours to determine to what extent the classifiers can distinguish suspicious behaviour from benign behaviour and then detect the hijacking. Evaluation tests of the proposed algorithm demonstrated that the detection method was able to detect the hijacks with 96% accuracy and can be integrated and work with BGP routers separately. Saudi Cultural Burea

    ROVER: a DNS-based method to detect and prevent IP hijacks

    2013 Fall. Includes bibliographical references. The Border Gateway Protocol (BGP) is critical to the global internet infrastructure. Unfortunately BGP routing was designed with limited regard for security. As a result, IP route hijacking has been observed for more than 16 years. Well known incidents include a 2008 hijack of YouTube, loss of connectivity for Australia in February 2012, and an event that partially crippled Google in November 2012. Concern has been escalating as critical national infrastructure is reliant on a secure foundation for the Internet. Disruptions to military, banking, utilities, industry, and commerce can be catastrophic. In this dissertation we propose ROVER (Route Origin VERification System), a novel and practical solution for detecting and preventing origin and sub-prefix hijacks. ROVER exploits the reverse DNS for storing route origin data and provides a fail-safe, best effort approach to authentication. This approach can be used with a variety of operational models including fully dynamic in-line BGP filtering, periodically updated authenticated route filters, and real-time notifications for network operators. Our thesis is that ROVER systems can be deployed by a small number of institutions in an incremental fashion and still effectively thwart origin and sub-prefix IP hijacking despite non-participation by the majority of Autonomous System owners. We then present research results supporting this statement. We evaluate the effectiveness of ROVER using simulations on an Internet scale topology as well as with tests on real operational systems. Analyses include a study of IP hijack propagation patterns, effectiveness of various deployment models, critical mass requirements, and an examination of ROVER resilience and scalability

    On the dynamics of interdomain routing in the Internet

    The routes used in the Internet's interdomain routing system are a rich information source that could be exploited to answer a wide range of questions.  However, analyzing routes is difficult, because the fundamental object of study is a set of paths. In this dissertation, we present new analysis tools -- metrics and methods -- for analyzing paths, and apply them to study interdomain routing in the Internet over long periods of time. Our contributions are threefold. First, we build on an existing metric (Routing State Distance) to define a new metric that allows us to measure the similarity between two prefixes with respect to the state of the global routing system. Applying this metric over time yields a measure of how the set of paths to each prefix varies at a given timescale. Second, we present PathMiner, a system to extract large scale routing events from background noise and identify the AS (Autonomous System) or AS-link most likely responsible for the event. PathMiner is distinguished from previous work in its ability to identify and analyze large-scale events that may re-occur many times over long timescales. We show that it is scalable, being able to extract significant events from multiple years of routing data at a daily granularity. Finally, we equip Routing State Distance with a new set of tools for identifying and characterizing unusually-routed ASes. At the micro level, we use our tools to identify clusters of ASes that have the most unusual routing at each time. We also show that analysis of individual ASes can expose business and engineering strategies of the organizations owning the ASes.  These strategies are often related to content delivery or service replication. At the macro level, we show that the set of ASes with the most unusual routing defines discernible and interpretable phases of the Internet's evolution. Furthermore, we show that our tools can be used to provide a quantitative measure of the "flattening" of the Internet

    Comedy in Unfunny Times: News Parody and Carnival after 9/11

    Comedy has a special role in helping societies manage crisis moments, and the U.S. media paid considerable attention to the proper role of comedy in public culture after the 9/11 tragedies. As has been well documented, many popular U.S. comic voices were paralyzed in trying to respond to 9/11 or disciplined by audiences when they did. Starting with these obstacles in mind, this essay analyzes early comic responses to 9/11, and particularly those of the print and online news parody The Onion, as an example of how “fake” news discourse could surmount the rhetorical chill that fell over public culture after the tragedies. By exposing the news as “mere” production and by setting an agenda for learning about Islamic culture and Middle East politics, The Onion avoided violating decorum and invited citizen participation. This kind of meta-discourse was crucial after 9/11, when shifting rules for decorum created controversy and as official voices in government and media honed frames and narratives for talking about the attacks

    Modelling and Design of Resilient Networks under Challenges

    Communication networks, in particular the Internet, face a variety of challenges that can disrupt our daily lives resulting in the loss of human lives and significant financial costs in the worst cases. We define challenges as external events that trigger faults that eventually result in service failures. Understanding these challenges accordingly is essential for improvement of the current networks and for designing Future Internet architectures. This dissertation presents a taxonomy of challenges that can help evaluate design choices for the current and Future Internet. Graph models to analyse critical infrastructures are examined and a multilevel graph model is developed to study interdependencies between different networks. Furthermore, graph-theoretic heuristic optimisation algorithms are developed. These heuristic algorithms add links to increase the resilience of networks in the least costly manner and they are computationally less expensive than an exhaustive search algorithm. The performance of networks under random failures, targeted attacks, and correlated area-based challenges are evaluated by the challenge simulation module that we developed. The GpENI Future Internet testbed is used to conduct experiments to evaluate the performance of the heuristic algorithms developed

    Thematic Conference Proceedings of International Significance. Vol. 2 / International Scientific Conference “Archibald Reiss Days”, Belgrade, 10-11 March 2016.

    In front of you is the Thematic Collection of Papers presented at the International Scientific Conference “Archibald Reiss Days”, which was organized by the Academy of Criminalistic and Police Studies in Belgrade, in co-operation with the Ministry of Interior and the Ministry of Education, Science and Technological Development of the Republic of Serbia, National Police University of China, Lviv State University of Internal Affairs, Volgograd Academy of the Russian Internal Affairs Ministry, Faculty of Security in Skopje, Faculty of Criminal Justice and Security in Ljubljana, Police Academy “Alexandru Ioan Cuza“ in Bucharest, Academy of Police Force in Bratislava and Police College in Banjaluka, and held at the Academy of Criminalistic and Police Studies, on 10 and 11 March 2016. The International Scientific Conference “Archibald Reiss Days” is organized for the sixth time in a row, in memory of the founder and director of the first modern higher police school in Serbia, Rodolphe Archibald Reiss, PhD, after whom the Conference was named. The Thematic Collection of Papers contains 165 papers written by eminent scholars in the field of law, security, criminalistics, police studies, forensics, informatics, as well as by members of national security system participating in education of the police, army and other security services from Belarus, Bosnia and Herzegovina, Bulgaria, China, Croatia, Greece, Hungary, Macedonia, Montenegro, Romania, Russian Federation, Serbia, Slovakia, Slovenia, Spain, Switzerland, Turkey, Ukraine and United Kingdom. Each paper has been double-blind peer reviewed by two reviewers, international experts competent for the field to which the paper is related, and the Thematic Conference Proceedings in whole has been reviewed by five competent international reviewers. 
The papers published in the Thematic Collection of Papers contain the overview of contemporary trends in the development of police education system, development of the police and contemporary security, criminalistic and forensic concepts. Furthermore, they provide us with the analysis of the rule of law activities in crime suppression, situation and trends in the above-mentioned fields, as well as suggestions on how to systematically deal with these issues. The Collection of Papers represents a significant contribution to the existing fund of scientific and expert knowledge in the field of criminalistic, security, penal and legal theory and practice. Publication of this Collection contributes to improving mutual cooperation between educational, scientific and expert institutions at national, regional and international level

    ISSP data report: attitudes towards the role of government

    The 'International Social Survey Programme' (ISSP) conducts, in international cooperation, an annual joint survey on topics of general social relevance. This working paper is a data report on a topic of particular social importance: citizens' attitudes towards the state and government. With the exception of one topic, the question blocks analysed were surveyed at least twice and thus document the change and trends in the respective subject areas. The individual chapters analyse attitudes towards civil rights and state intervention, the state and social welfare, state influence on the economy, priorities in government spending, and the interaction between taxation and income distribution. Further topics are the assessment of individual political influence and the motivation for political engagement, as well as the topic of corruption. (ICI