Analysing BGP Origin Hijacks

Title: Analysing BGP Origin Hijacks
Author: van Veen, Simone (TU Delft Electrical Engineering, Mathematics and Computer Science; TU Delft Cyber Security)
Contributor: Doerr, Christian (mentor); Picek, Stjepan (graduation committee); Murukannaiah, Pradeep (graduation committee)
Degree granting institution: Delft University of Technology
Date: 2019-12-18

Abstract

In the past years, society has become increasingly more reliant on the Internet. Consequently, the security of the Internet became of critical importance. This thesis focusses on the security of one of the Internet's main protocols. This protocol, called the Border Gateway Protocol (BGP), is used to exchange information that allows Internet traffic to reach its intended destination. BGP is vulnerable to misconfigurations and attacks that can cause a range of problems. This thesis focusses on one of them: BGP origin hijacks. In this thesis, a year of possible origin hijacks is analysed. These possible origin hijacks were detected by BGPStream between 20 May 2018 and 31 May 2019. Analysing these hijacks gives insight into the causes and characteristics of origin hijacks. This can help to find the most pressing issues and may provide guidance in securing BGP. Various data sources are used to collect and compute features that give more information on each hijack. These features are used to find relations between hijacks and to label them using labels that indicate a cause or a certain aspect of the hijack. These relations and labels are used to analyse groups of similar hijacks. This approach is very effective. Using the context of a group of hijacks gives much more insight than looking at hijacks individually. It shows that many of the possible hijacks are likely not a hijack at all and that hijacks that look like origin hijacks are often the result of another type of attack called a path hijack.

In addition, this thesis provides a way to detect several types of misconfigurations and points out weaknesses in the detection system used by BGPStream. It also gives an overview of the characteristics of hijacks and how often specific behaviour occurs.

Subject: BGP; Origin hijacks; Internet
To reference this document use: http://resolver.tudelft.nl/uuid:295dd608-fdf0-4702-8d64-514ca0a011af
Part of collection: Student theses
Document type: master thesis
Rights: © 2019 Simone van Veen
Files: report.pdf (PDF, 2.82 MB)