Empirical study of new metrics for the internet route hijack risk assessment

Abstract

Possibility of dynamic routes change between nodes which are not physically connected is a key feature of the Internet routing. With two key concepts - one-hop forwarding in routing process and possibility of address space aggregation for routing purposes, the Internet became global and can grow virtually unlimited. However, one of the most significant problems of the Internet connectivity is caused by the Border Gateway Protocol (BGP) weaknesses - lack of verification of input routing data. It leads to the so-called route leaks and route hijacks. None of proposed and partially implemented upgrades and add-ons which are referred to as MANRS can deliver reliable defense against those types of attacks. Route hijack detection services are mainly provided by third-party services such as BGPMon. They track worldwide routes by tracing and keep track of route announcements in BGP, and notify the network administrator of suspicious events related to their prefixes based on routing information. And the main problem is that monitoring alert is post-mortem reaction when the routing accident has already happened or is happening. That's why it is necessary to learn how to manage risks arising from cyber attacks on global routing. Assessing the risks of route interception requires quantitative measurement of the impact of an attack on the routing distortion, and therefore, the breach of information security. This offers a way of exploring the topology of connections between Internet nodes to further solve the risk management task with topology methods. In previous papers we used the knowledge of the features of the Internet topology to find the relationship between topology and global routing vulnerability. One of the most important steps was to build a formal model of global Internet routing with formal description for objects, relations and processes of the Internet routingsuch as the IP address, address space, network prefix and their encapsulation, route, best path, and routing itself. In this paper we offer new node metrics for representation of both components of information security risk - possible losses and likelihood of losses. The first metric, which we have, called 'significance', is tied it to importance of node in routes distribution, with impact of number and weight of announced prefixes. The second metric, called 'trust', reflects likelihood of hijacking a route on a particular node. Finally, we demonstrate some empirical results of how these metrics can model the effective network topology regarding relaxation risks of route hijack.