In the Internet, routing information between autonomous systems (ASes) is exchanged dynamically through the inter-domain routing protocol BGP. Although this distributed routing protocol enables flexible and efficient route selection between ASes, it also brings security issues, including path hijacking attacks. By forging route information, an attacker can redirect traffic from its original route onto a path under the attacker's control, and can then monitor, manipulate, and control network data. To address path hijacking, a detection scheme based on hop-by-hop signatures has been proposed to protect the integrity of the path in routing announcement messages, but the high overhead of hop-by-hop signatures makes it difficult to deploy. Collaborative detection schemes based on information sharing rely on the commercial relationships between ASes to detect path hijacking, but commercial privacy constraints limit the deployment of such mechanisms. Existing path hijacking detection techniques therefore still cannot meet the privacy and security expectations of network service providers.

This paper focuses on two security issues caused by path hijacking, namely traffic blackholes and man-in-the-middle attacks, and proposes a detection scheme based on active probing. First, the scheme uses a blockchain to construct a path hijacking detection alliance and exploits the broadcast-based information synchronization among alliance nodes to provide a secure connection for path probing between the two nodes that perform a detection. Path probing announcements are transmitted over this secure connection, which solves the problem of information synchronization when two nodes cooperate to probe a path. The MD5 algorithm is used to generate message digests to encrypt the path information in the probing messages, avoiding the problem, present in traditional probing methods, of probing messages being intercepted and tampered with by the attacked nodes, which renders detection ineffective. Based on the results of active probing, traffic blackhole hijacking is detected by checking whether the probing message reaches the destination network, and man-in-the-middle hijacking is detected by comparing the path information carried in the message with the path to the destination node. The proposed scheme requires neither the sharing of adjacency relationships nor of commercial relationships, so it meets the privacy and security needs of network service providers, and it does not require full-path deployment, which makes it lightweight to deploy.

Based on the proposed method, a path hijacking detection system is designed and implemented. It consists mainly of a routing table information monitoring module, a probing announcement sending and receiving module, and a probing message sending and receiving module, which together perform suspicious path monitoring, probing announcement assembly and synchronization, and probing message assembly and verification. Tests show that the system detects both traffic blackhole and man-in-the-middle path hijacking attacks and provides a platform for displaying and managing path probing results.
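The following simulation is an added example and is not code from the paper or its system. It models the detection logic the abstract describes: the source node commits to the path it currently sees in its routing table in a probing announcement, the destination node receives that announcement over the alliance channel, and a probe then crosses the data plane hop by hop. A probe that never arrives indicates a traffic blackhole; a probe whose observed route differs from the announced path indicates a man-in-the-middle hijack; a probe whose carried path fails the digest check has been tampered with in transit. The AS numbers, the shared alliance key, and the `forward_probe` network model are constructed for the example. The paper uses a plain MD5 digest over the path; this example substitutes a keyed HMAC, because an unkeyed digest can be recomputed by whoever rewrites the path, so the key is assumed to have been distributed to both detecting nodes over the alliance's synchronized channel.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed key; assumed (not stated in the paper) to be shared between the two
# detecting alliance nodes over the synchronized broadcast channel.
ALLIANCE_KEY = b"constructed-example-alliance-key"


def path_digest(src_as: int, dst_as: int, path: list[int], key: bytes = ALLIANCE_KEY) -> str:
    """Keyed digest binding the announced AS path to the (src, dst) pair.

    The paper digests the path with MD5; an HMAC is used here because a plain
    hash offers no protection against a hijacker that rewrites the path and
    recomputes the digest.
    """
    payload = json.dumps({"src": src_as, "dst": dst_as, "path": path},
                         separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def make_announcement(src_as: int, dst_as: int, expected_path: list[int]) -> dict:
    """Probing announcement sent to the destination over the alliance channel.

    It commits to the full AS path (src ... dst) the source sees in its routing table.
    """
    path = list(expected_path)
    return {"src": src_as, "dst": dst_as, "expected_path": path,
            "digest": path_digest(src_as, dst_as, path)}


def make_probe(announcement: dict) -> dict:
    """Probe message injected into the data plane; observed_path is filled in hop by hop."""
    return {"src": announcement["src"], "dst": announcement["dst"],
            "expected_path": list(announcement["expected_path"]),
            "digest": announcement["digest"], "observed_path": []}


def forward_probe(probe: dict, actual_path: list[int],
                  drop_at: Optional[int] = None,
                  rewrite_at: Optional[int] = None) -> Optional[dict]:
    """Constructed network model: the probe crosses each AS in actual_path in order.

    drop_at:    AS that silently discards the probe (traffic blackhole) -> None.
    rewrite_at: AS that overwrites the probe's carried path with the real route so the
                destination's path comparison would pass; it cannot produce a valid digest.
    """
    for asn in actual_path:
        if asn == drop_at:
            return None
        probe["observed_path"].append(asn)
        if asn == rewrite_at:
            probe["expected_path"] = list(actual_path)
    return probe


def verify_at_destination(announcement: dict, probe: Optional[dict],
                          key: bytes = ALLIANCE_KEY) -> str:
    """Destination-side check; returns 'blackhole', 'tampered', 'mitm' or 'ok'."""
    if probe is None:
        # The probe never reached the destination network.
        return "blackhole"
    expected_digest = path_digest(probe["src"], probe["dst"], probe["expected_path"], key)
    if not hmac.compare_digest(expected_digest, announcement["digest"]):
        # Carried path no longer matches what the source committed to.
        return "tampered"
    if probe["observed_path"] != announcement["expected_path"]:
        # Probe arrived, but via a route other than the announced one.
        return "mitm"
    return "ok"


# Constructed scenario: AS64500 probes its path to AS64510.
SRC_AS, DST_AS = 64500, 64510
ANNOUNCED_PATH = [64500, 64501, 64502, 64510]
HIJACKED_PATH = [64500, 64501, 64666, 64502, 64510]   # AS64666 inserted on-path


def run_scenarios() -> dict:
    ann = make_announcement(SRC_AS, DST_AS, ANNOUNCED_PATH)
    return {
        "normal": verify_at_destination(
            ann, forward_probe(make_probe(ann), ANNOUNCED_PATH)),
        "blackhole": verify_at_destination(
            ann, forward_probe(make_probe(ann), [64500, 64501, 64666], drop_at=64666)),
        "mitm": verify_at_destination(
            ann, forward_probe(make_probe(ann), HIJACKED_PATH)),
        "mitm_tampered": verify_at_destination(
            ann, forward_probe(make_probe(ann), HIJACKED_PATH, rewrite_at=64666)),
    }


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:14s} -> {verdict}")
```

The "mitm_tampered" case is the one the digest exists for: the on-path AS rewrites the carried path to match the real route, so a destination that only compared paths would report the route as clean, while the digest check exposes the modification.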