Global BGP Attacks that Evade Route Monitoring
- URL: http://arxiv.org/abs/2408.09622v1
- Date: Mon, 19 Aug 2024 00:29:42 GMT
- Title: Global BGP Attacks that Evade Route Monitoring
- Authors: Henry Birge-Lee, Maria Apostolaki, Jennifer Rexford
- Abstract summary: Border Gateway Protocol (BGP) security measures are still in progress.
BGP monitoring continues to play a critical role in protecting the Internet from routing attacks.
We develop a novel attack that can hide itself from all state-of-the-art BGP monitoring systems.
- Score: 6.108950672801419
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: As the deployment of comprehensive Border Gateway Protocol (BGP) security measures is still in progress, BGP monitoring continues to play a critical role in protecting the Internet from routing attacks. Fundamentally, monitoring involves observing BGP feeds to detect suspicious announcements and taking defensive action. However, BGP monitoring relies on seeing the malicious BGP announcement in the first place! In this paper, we develop a novel attack that can hide itself from all state-of-the-art BGP monitoring systems we tested while affecting the entire Internet. The attack involves launching a sub-prefix hijack with the RFC-specified NO_EXPORT community attached to prevent networks with the malicious route installed from sending the route to BGP monitoring systems. We study the viability of this attack at four tier-1 networks and find all networks we studied were vulnerable to the attack. Finally, we propose a mitigation that significantly improves the robustness of the BGP monitoring ecosystem. Our paper aims to raise awareness of this issue and offer guidance to providers to protect against such attacks.
Related papers
- Is Crunching Public Data the Right Approach to Detect BGP Hijacks? [46.60173408970299]
Border Gateway Protocol (BGP) remains a fragile pillar of Internet routing. Recent approaches like DFOH and BEAM apply machine learning (ML) to analyze data from globally distributed BGP monitors. This paper shows that state-of-the-art hijack detection systems like DFOH and BEAM are vulnerable to data poisoning.
arXiv Detail & Related papers (2025-07-27T22:35:21Z)
- BEAR: BGP Event Analysis and Reporting [10.153790653358625]
Border Gateway Protocol (BGP) anomalies can divert traffic through unauthorized or inefficient paths, jeopardizing network reliability and security. BGP Event Analysis and Reporting framework generates comprehensive reports explaining detected BGP anomaly events. BEAR achieves 100% accuracy, outperforming Chain-of-Thought and in-context learning baselines.
arXiv Detail & Related papers (2025-06-04T23:34:36Z)
- CANTXSec: A Deterministic Intrusion Detection and Prevention System for CAN Bus Monitoring ECU Activations [53.036288487863786]
We propose CANTXSec, the first deterministic Intrusion Detection and Prevention system based on physical ECU activations. It detects and prevents classical attacks in the CAN bus, while detecting advanced attacks that have been less investigated in the literature. We prove the effectiveness of our solution on a physical testbed, where we achieve 100% detection accuracy in both classes of attacks while preventing 100% of FIAs.
arXiv Detail & Related papers (2025-05-14T13:37:07Z)
- In-House Evaluation Is Not Enough: Towards Robust Third-Party Flaw Disclosure for General-Purpose AI [93.33036653316591]
We call for three interventions to advance system safety.
First, we propose using standardized AI flaw reports and rules of engagement for researchers.
Second, we propose GPAI system providers adopt broadly-scoped flaw disclosure programs.
Third, we advocate for the development of improved infrastructure to coordinate distribution of flaw reports.
arXiv Detail & Related papers (2025-03-21T05:09:46Z)
- Modern DDoS Threats and Countermeasures: Insights into Emerging Attacks and Detection Strategies [49.57278643040602]
Distributed Denial of Service (DDoS) attacks persist as significant threats to online services and infrastructure.
This paper offers a comprehensive survey of emerging DDoS attacks and detection strategies over the past decade.
arXiv Detail & Related papers (2025-02-27T11:22:25Z)
- CP-Guard+: A New Paradigm for Malicious Agent Detection and Defense in Collaborative Perception [53.088988929450494]
Collaborative perception (CP) is a promising method for safe connected and autonomous driving.
We propose a new paradigm for malicious agent detection that effectively identifies malicious agents at the feature level.
We also develop a robust defense method called CP-Guard+, which enhances the margin between the representations of benign and malicious features.
arXiv Detail & Related papers (2025-02-07T12:58:45Z)
- TIMESAFE: Timing Interruption Monitoring and Security Assessment for Fronthaul Environments [25.43682473591802]
We show how a spoofing attack is able to cause a production-ready O-RAN and 5G-compliant private cellular base station to catastrophically fail within 2 seconds of the attack.
To counter this, we design a Machine Learning-based monitoring solution capable of detecting various malicious attacks with over 97.5% accuracy.
arXiv Detail & Related papers (2024-12-17T16:13:37Z)
- Do Not Trust Power Management: A Survey on Internal Energy-based Attacks Circumventing Trusted Execution Environments Security Properties [0.21665864340363084]
Since 2015, a new class of software-enabled hardware attacks leveraging energy management mechanisms has emerged.
Their aim is to bypass TEE security guarantees and expose sensitive information such as cryptographic keys.
This article presents the first comprehensive knowledge survey of these attacks, along with an evaluation of literature countermeasures.
arXiv Detail & Related papers (2024-05-24T13:26:39Z)
- Rethinking the Vulnerabilities of Face Recognition Systems: From a Practical Perspective [53.24281798458074]
Face Recognition Systems (FRS) have increasingly integrated into critical applications, including surveillance and user authentication.
Recent studies have revealed vulnerabilities in FRS to adversarial (e.g., adversarial patch attacks) and backdoor attacks (e.g., training data poisoning).
arXiv Detail & Related papers (2024-05-21T13:34:23Z)
- Defense against Joint Poison and Evasion Attacks: A Case Study of DERMS [2.632261166782093]
We propose the first framework of IDS that is robust against joint poisoning and evasion attacks.
We verify the robustness of our method on the IEEE-13 bus feeder model against a diverse set of poisoning and evasion attack scenarios.
arXiv Detail & Related papers (2024-05-05T16:24:30Z)
- Tamper-Evident Pairing [55.2480439325792]
Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard.
TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper with a transmitted message without being detected, nor hide the fact that the message has been sent.
This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
arXiv Detail & Related papers (2023-11-24T18:54:00Z)
- Towards a Near-real-time Protocol Tunneling Detector based on Machine Learning Techniques [0.0]
We present a protocol tunneling detector prototype which inspects, in near real time, a company's network traffic using machine learning techniques.
The detector monitors unencrypted network flows and extracts features to detect possible occurring attacks and anomalies.
Results show 97.1% overall accuracy and an F1-score equal to 95.6%.
arXiv Detail & Related papers (2023-09-22T09:08:43Z)
- When Authentication Is Not Enough: On the Security of Behavioral-Based Driver Authentication Systems [53.2306792009435]
We develop two lightweight driver authentication systems based on Random Forest and Recurrent Neural Network architectures.
We are the first to propose attacks against these systems by developing two novel evasion attacks, SMARTCAN and GANCAN.
Through our contributions, we aid practitioners in safely adopting these systems, help reduce car thefts, and enhance driver security.
arXiv Detail & Related papers (2023-06-09T14:33:26Z)
- GUARD: Graph Universal Adversarial Defense [54.81496179947696]
We present a simple yet effective method, named Graph Universal Adversarial Defense (GUARD).
GUARD protects each individual node from attacks with a universal defensive patch, which is generated once and can be applied to any node in a graph.
GUARD significantly improves robustness for several established GCNs against multiple adversarial attacks and outperforms state-of-the-art defense methods by large margins.
arXiv Detail & Related papers (2022-04-20T22:18:12Z)
- Early Detection of Network Attacks Using Deep Learning [0.0]
A network intrusion detection system (IDS) is a tool used for identifying unauthorized and malicious behavior by observing the network traffic.
We propose an end-to-end early intrusion detection system to prevent network attacks before they could cause any more damage to the system under attack.
arXiv Detail & Related papers (2022-01-27T16:35:37Z)
- Physical Side-Channel Attacks on Embedded Neural Networks: A Survey [0.32634122554913997]
Neural Networks (NN) are expected to become ubiquitous in IoT systems by transforming all sorts of real-world applications.
Embedded NN implementations are vulnerable to Side-Channel Analysis (SCA) attacks.
This paper surveys state-of-the-art physical SCA attacks relative to the implementation of embedded NNs on micro-controllers and FPGAs.
arXiv Detail & Related papers (2021-10-21T17:18:52Z)
- TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack [46.79557381882643]
We present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack.
Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets.
TANTRA achieves an average success rate of 99.99% in network intrusion detection system evasion.
arXiv Detail & Related papers (2021-03-10T19:03:38Z)
- A Self-supervised Approach for Adversarial Robustness [105.88250594033053]
Adversarial examples can cause catastrophic mistakes in Deep Neural Network (DNN) based vision systems.
This paper proposes a self-supervised adversarial training mechanism in the input space.
It provides significant robustness against the unseen adversarial attacks.
arXiv Detail & Related papers (2020-06-08T20:42:39Z)
This list is automatically generated from the titles and abstracts of the papers in this site.