A hybrid OpenFlow with intelligent detection and prediction models for preventing BGP path hijack on SDN
The Border Gateway Protocol (BGP) is a path vector protocol whose fundamental aim is to exchange routing information across the Internet, directing data between autonomous systems. The significant drawback of BGP is that it does not address security; path hijacking is one of the top-rated cyber hijacks. Existing methods such as sBGP, soBGP and PGBGP have focused more on detecting path hijacking than on preventing it. Hence, we propose an intelligent model to detect abnormal behavior of a network and to predict and prevent BGP path hijacking (DPPBGP) in software-defined networks. The main objective of our proposed model is to reduce detection time and the controller workload with SFlow-integrated OpenFlow. The three modules of our model are as follows: (1) Based on the abnormal behavior of the network, we evaluate the statistics. We use the statistical features in the cumulative sum (CUSUM) abnormal detection algorithm to detect abnormal behavior and flows proficiently and perfectly with less detection time. (2) An intelligent machine learning approach known as the Pattern Sequence Forecasting algorithm is used to forecast the behavior of the network. (3) After the detection or the forecast of an abnormality, path hijack is prevented by killing the appropriate PID based on the SFlow analyzer. Simulation results show how large a network this model can handle accurately and effectively.
Keywords: BGP, SDN, Inter-domain routing, Autonomous systems, CUSUM, Machine learning, Pattern Sequence Forecast, Network security
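The cumulative sum detection step in module (1), as an added example that is not the paper's code: a one-sided CUSUM over a per-interval traffic statistic, showing that a sustained shift raises an alarm while a single outlier does not. The monitored feature (route announcements counted per sampling interval), the parameters `k_sigma` and `h_sigma`, the attack-free baseline window and the sample series are all assumptions constructed for illustration.

```python
from statistics import mean, stdev


def cusum_alarms(samples, baseline_len, k_sigma=0.5, h_sigma=5.0):
    """Return the indices at which an upper one-sided CUSUM raises an alarm.

    The first `baseline_len` samples are assumed attack-free and are used
    only to estimate the normal mean and standard deviation.
    """
    if baseline_len < 2 or baseline_len >= len(samples):
        raise ValueError("need at least 2 baseline samples and 1 monitored sample")
    baseline = samples[:baseline_len]
    mu = mean(baseline)
    sigma = stdev(baseline) or 1.0   # avoid a zero threshold on a flat baseline
    k = k_sigma * sigma              # slack: deviations below this are ignored
    h = h_sigma * sigma              # decision threshold on the cumulative sum
    score = 0.0
    alarms = []
    for i in range(baseline_len, len(samples)):
        # Accumulate only the excess above (mu + k); never go below zero.
        score = max(0.0, score + (samples[i] - mu - k))
        if score > h:
            alarms.append(i)
            score = 0.0              # restart accumulation after each alarm
    return alarms


# Constructed data: announcements per interval (hypothetical feature).
BASELINE = [20, 22, 19, 21, 20, 18, 23, 21, 20, 19]
# A sustained upward drift, as an abnormal flow would produce.
DRIFT = BASELINE + [21, 20, 22, 19, 24, 26, 27, 30, 31, 29]
# One isolated spike followed by normal traffic.
SPIKE = BASELINE + [25, 20, 21, 19, 20]

if __name__ == "__main__":
    print("drift alarms:", cusum_alarms(DRIFT, len(BASELINE)))
    print("spike alarms:", cusum_alarms(SPIKE, len(BASELINE)))
```
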
Compliance with ethical standards
Conflict of interest
The authors declare that they have no conflict of interest.
This article does not contain any studies with human participants or animals performed by any of the authors.
Informed consent was obtained from all individual participants included in the study.