Origin hijacking anomalies pose significant threats to inter-domain routing security, necessitating robust detection methods to mitigate their adverse impacts. However, current machine learning-based approaches often suffer from limited detection accuracy. In this study, we investigate the detrimental impact of legitimate MOAS conflicts on the performance of origin hijacking detection. To support our analysis, we construct two ground truth datasets using the BGPmon anomaly detection system and the RPKI database. We then evaluate four state-of-the-art detection models through a series of comparative experiments. The results reveal that the legitimate MOAS conflicts is a primary factor contributing to the reduced accuracy of existing detection techniques. Furthermore, we identify 13 effective features for distinguishing legitimate from illegitimate MOAS conflicts. Experimental evaluations demonstrate that incorporating a legitimacy filtering step prior to hijacking subtype classification improves detection accuracy by an average of 12%. Based on these findings, we recommend that origin hijacking detection frameworks incorporate legitimacy assessment of MOAS conflicts as a preliminary step to enhance overall detection precision.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

What Interferes with the Accurate Detection of Origin Hijacking Anomalies?

  • Yuancheng Xie,
  • Zhaoxin Zhang,
  • Ning Li

摘要

Origin hijacking anomalies pose significant threats to inter-domain routing security, necessitating robust detection methods to mitigate their adverse impacts. However, current machine learning-based approaches often suffer from limited detection accuracy. In this study, we investigate the detrimental impact of legitimate MOAS conflicts on the performance of origin hijacking detection. To support our analysis, we construct two ground truth datasets using the BGPmon anomaly detection system and the RPKI database. We then evaluate four state-of-the-art detection models through a series of comparative experiments. The results reveal that the legitimate MOAS conflicts is a primary factor contributing to the reduced accuracy of existing detection techniques. Furthermore, we identify 13 effective features for distinguishing legitimate from illegitimate MOAS conflicts. Experimental evaluations demonstrate that incorporating a legitimacy filtering step prior to hijacking subtype classification improves detection accuracy by an average of 12%. Based on these findings, we recommend that origin hijacking detection frameworks incorporate legitimacy assessment of MOAS conflicts as a preliminary step to enhance overall detection precision.