Learning to Identify Conflicts in RPKI
- URL: http://arxiv.org/abs/2502.03378v1
- Date: Wed, 05 Feb 2025 17:16:44 GMT
- Title: Learning to Identify Conflicts in RPKI
- Authors: Haya Schulmann, Shujie Zhao
- Abstract summary: We introduce a new mechanism, LOV, designed for whitelisting benign conflicts on an Internet scale. We measure live BGP updates using LOV during a period of half a year and whitelist 52,846 routes with benign origin errors.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The long history of misconfigurations and errors in RPKI indicates that they cannot be easily avoided and will most probably persist also in the future. These errors create conflicts between BGP announcements and their covering ROAs, causing the RPKI validation to result in status invalid. Networks that enforce RPKI filtering with Route Origin Validation (ROV) would block such conflicting BGP announcements and as a result lose traffic from the corresponding origins. Since the business incentives of networks are tightly coupled with the traffic they relay, filtering legitimate traffic leads to a loss of revenue, reducing the motivation to filter invalid announcements with ROV. In this work, we introduce a new mechanism, LOV, designed for whitelisting benign conflicts on an Internet scale. The resulting whitelist is made available to RPKI supporting ASes to avoid filtering RPKI-invalid but benign routes. Saving legitimate traffic resolves one main obstacle towards RPKI deployment. We measure live BGP updates using LOV during a period of half a year and whitelist 52,846 routes with benign origin errors.
Related papers
- Is Crunching Public Data the Right Approach to Detect BGP Hijacks? [46.60173408970299]
Border Gateway Protocol (BGP) remains a fragile pillar of Internet routing. Recent approaches like DFOH and BEAM apply machine learning (ML) to analyze data from globally distributed BGP monitors. This paper shows that state-of-the-art hijack detection systems like DFOH and BEAM are vulnerable to data poisoning.
arXiv Detail & Related papers (2025-07-27T22:35:21Z)
- Universal Model Routing for Efficient LLM Inference [69.86195589350264]
Model routing is a technique for reducing the inference cost of large language models (LLMs). We propose UniRoute, a new approach to the problem of dynamic routing, where new, previously unobserved LLMs are available at test time. We show that these are estimates of a theoretically optimal routing rule, and quantify their errors via an excess risk bound.
arXiv Detail & Related papers (2025-02-12T20:30:28Z)
- Red Pill and Blue Pill: Controllable Website Fingerprinting Defense via Dynamic Backdoor Learning [93.44927301021688]
Website fingerprint (WF) attacks covertly monitor user communications to identify the web pages they visit. Existing WF defenses attempt to reduce the attacker's accuracy by disrupting unique traffic patterns. We introduce Controllable Website Fingerprint Defense (CWFD), a novel defense perspective based on backdoor learning.
arXiv Detail & Related papers (2024-12-16T06:12:56Z)
- RPKI: Not Perfect But Good Enough [18.399905446335904]
The Resource Public Key Infrastructure protocol was standardized to add cryptographic security to Internet routing.
The White House indicated in its Roadmap to Enhance Internet Security, on 4 September 2024, that RPKI is a mature and readily available technology for securing inter-domain routing.
This work presents the first comprehensive study of the maturity of RPKI as a viable production-grade technology.
arXiv Detail & Related papers (2024-09-22T16:21:14Z)
- Byzantine-Secure Relying Party for Resilient RPKI [17.461853355858022]
We develop BRP, a Byzantine-Secure relying party implementation.
We show through simulations and experiments that BRP, as an intermediate RPKI service, results in less load on RPKI publication points and a robust output despite RPKI repository failures, jitter, and attacks.
arXiv Detail & Related papers (2024-05-01T14:04:48Z)
- The CURE To Vulnerabilities in RPKI Validation [19.36803276657266]
RPKI has seen increasing adoption, with now 37.8% of the major networks filtering bogus BGP routes.
We report a total of 18 vulnerabilities that can be exploited to downgrade RPKI validation in border routers.
We generate over 600 million test cases and tested all popular RPs on them.
arXiv Detail & Related papers (2023-12-04T13:09:37Z)
- ROCO: A Roundabout Traffic Conflict Dataset [65.55451440776098]
We introduce and analyze ROCO - a real-world roundabout traffic conflict dataset.
The data is collected at a two-lane roundabout at the intersection of State St. and W. Ellsworth Rd. in Ann Arbor, Michigan.
In total 557 traffic conflicts and 17 traffic crashes are collected from August 2021 to October 2021.
arXiv Detail & Related papers (2023-03-01T15:09:45Z)
- IBP Regularization for Verified Adversarial Robustness via Branch-and-Bound [85.6899802468343]
We present IBP-R, a novel verified training algorithm that is both simple and effective.
We also present UPB, a novel robustness based on $\beta$-CROWN, that reduces the cost of state-of-the-art branching algorithms.
arXiv Detail & Related papers (2022-06-29T17:13:25Z)
- Divide to Adapt: Mitigating Confirmation Bias for Domain Adaptation of Black-Box Predictors [94.78389703894042]
Domain Adaptation of Black-box Predictors (DABP) aims to learn a model on an unlabeled target domain supervised by a black-box predictor trained on a source domain.
It does not require access to both the source-domain data and the predictor parameters, thus addressing the data privacy and portability issues of standard domain adaptation.
We propose a new method, named BETA, to incorporate knowledge distillation and noisy label learning into one coherent framework.
arXiv Detail & Related papers (2022-05-28T16:00:44Z)
- Discriminator-Free Generative Adversarial Attack [87.71852388383242]
Generative-based adversarial attacks can get rid of this limitation.
A Symmetric Saliency-based Auto-Encoder (SSAE) generates the perturbations.
The adversarial examples generated by SSAE not only make the widely-used models collapse, but also achieve good visual quality.
arXiv Detail & Related papers (2021-07-20T01:55:21Z)
- Challenges in Net Neutrality Violation Detection: A Case Study of Wehe Tool and Improvements [0.0]
We focus on Wehe, the most recent tool developed to detect net-neutrality violations.
We highlight critical weaknesses in Wehe where its replay traffic is not being correctly classified as intended services.
We propose a new method in which the SNI parameter is set appropriately in the initial TLS handshake.
arXiv Detail & Related papers (2021-01-12T15:42:30Z)
- Towards Bidirectional Protection in Federated Learning [70.36925233356335]
F2ED-LEARNING offers bidirectional defense against malicious centralized server and Byzantine malicious clients.
F2ED-LEARNING securely aggregates each shard's update and launches FilterL2 on updates from different shards.
Evaluation shows that F2ED-LEARNING consistently achieves optimal or close-to-optimal performance.
arXiv Detail & Related papers (2020-10-02T19:37:02Z)