Detection of Internet-wide traffic redirection attacks using machine learning techniques
Ana Subtil, M. Rosário Oliveira, Rui Valadas, Paulo Salvador, António Pacheco
IET Networks, 12(4), pp. 179-195. Published 2023-05-27. Journal Article.
DOI: 10.1049/ntw2.12085
https://onlinelibrary.wiley.com/doi/10.1049/ntw2.12085
Impact factor: 1.3. JCR: Q3 (Computer Science, Information Systems). Open access: no.
Citations: 0
Abstract
Internet-wide traffic redirection attacks have long been reported, and are mainly caused by Border Gateway Protocol route hijacking. Such attacks can be quite harmful, impairing access to popular Internet sites for long periods. This work addresses the use of machine learning techniques (both unsupervised and supervised) leveraging a distributed monitoring infrastructure of probes that measure the round-trip time to Internet sites under surveillance. The detection process is separated into two stages: per-probe classification and a combination of individual probe decisions. Our results show that the best strategy is to classify using an unsupervised technique based on Tukey's method and to combine using Hidden Markov Models, due to its performance and adaptability to different attack types.
IET Networks (Computer Science, Information Systems)
CiteScore: 5.00
Self-citation rate: 0.00%
Articles published: 41
Review time: 33 weeks
Journal description:
IET Networks covers the fundamental developments and advancing methodologies to achieve higher performance, optimized and dependable future networks. IET Networks is particularly interested in new ideas and superior solutions to the known and arising technological development bottlenecks at all levels of networking such as topologies, protocols, routing, relaying and resource-allocation for more efficient and more reliable provision of network services. Topics include, but are not limited to: Network Architecture, Design and Planning, Network Protocol, Software, Analysis, Simulation and Experiment, Network Technologies, Applications and Services, Network Security, Operation and Management.