ScholarlyCommons

Title

AS-CRED: Reputation and Alert Service for Inter-Domain Routing

Author(s)

Jian Chang, OpenX, Pasadena, CA
Krishna Venkatasubramanian, Worcester Polytechnic InstituteFollow
Andrew G. West, University of PennsylvaniaFollow
Sampath Kannan, University of PennsylvaniaFollow
Insup Lee, University of PennsylvaniaFollow
Boon Thau Loo, University of PennsylvaniaFollow
Oleg Sokolsky, University of PennsylvaniaFollow

Date of this Version

9-2013

Document Type

Journal Article

Recommended Citation

Jian Chang, Krishna Venkatasubramanian, Andrew G. West, Sampath Kannan, Insup Lee, Boon Thau Loo, and Oleg Sokolsky, "AS-CRED: Reputation and Alert Service for Inter-Domain Routing", Systems Journal, IEEE 7(3), 396-409. September 2013. http://dx.doi.org/10.1109/JSYST.2012.2221856

Abstract

Being the backbone routing system of the Internet, the operational aspect of the inter-domain routing is highly complex. Building a trustworthy ecosystem for inter-domain routing requires the proper maintenance of trust relationships among tens of thousands of peer IP domains called Autonomous Systems (ASes). ASes today implicitly trust any routing information received from other ASes as part of the Border Gateway Protocol (BGP) updates. Such blind trust is problematic given the dramatic rise in the number of anomalous updates being disseminated, which pose grave security consequences for the inter-domain routing operation. In this paper, we present ASCRED, an AS reputation and alert service that not only detects anomalous BGP updates, but also provides a quantitative view of AS’ tendencies to perpetrate anomalous behavior.

AS-CRED focuses on detecting two types of anomalous updates (1)hijacked: updates where ASes announcing a prefix that they do not own; and (2) vacillating: updates that are part of a quick succession of announcements and withdrawals involving a specific prefix, rendering the information practically ineffective for routing. AS-CRED works by analyzing the past updates announced by ASes for the presence of these anomalies. Based on this analysis, it generates AS reputation values that provide an aggregate and quantitative view of the AS’ anomalous behavior history. The reputation values are then used in a tiered alert system for tracking any subsequent anomalous updates observed. Analyzing AS-CRED’s operation with real-world BGP traffic over six months, we demonstrate the effectiveness and improvement of the proposed approach over similar alert systems.

Subject Area

CPS Internet of Things

Publication Source

Systems Journal, IEEE

Volume

7

Issue

3

Start Page

396

Last Page

409

DOI

10.1109/JSYST.2012.2221856

Copyright/Permission Statement

© 2013 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Keywords

Border Gateway Protocol, autonomous systems, reputation, alert service