DSpace Repository

Investigating Interdomain Routing in the Wild

dc.contributor.advisor Gill, Phillipa en_US
dc.contributor.author Anwar, Ruwaifa en_US
dc.contributor.other Department of Computer Science en_US
dc.date.accessioned 2017-09-20T16:52:15Z
dc.date.available 2017-09-20T16:52:15Z
dc.date.issued 2016-12-01 en_US
dc.identifier.uri http://hdl.handle.net/11401/77233 en_US
dc.description 44 pgs en_US
dc.description.abstract Models of Internet routing are critical for studies of Internet security, reliability and evolution, which often rely on simulations of the Internet's routing system. Accurate models are difficult to build and suffer from a dearth of ground truth data, as ISPs often treat their connectivity and routing policies as trade secrets. In this environment, researchers rely on a number of simplifying assumptions and models proposed over a decade ago, which are widely criticized for their inability to capture routing policies employed in practice. This thesis makes the following two contributions:
● Investigating Interdomain Routing Policies. First, we put Internet topologies and models under the microscope to understand where they fail to capture real routing behavior. We measure data plane paths from thousands of vantage points, located in eyeball networks around the globe, and find that between 14-35% of routing decisions are not explained by existing models. We then investigate these cases and identify root causes such as selective prefix announcement, misclassification of undersea cables, and geographic constraints. Our work highlights the need for models that address such cases, and motivates further investigation of evolving Internet connectivity.
● Detecting BGP hijacks and interceptions. We develop a system to detect BGP hijacks and interceptions in near real-time. BGP was designed without security challenges in mind. It lacks techniques like path validation and origin verification; as a result, malicious ASes can advertise prefixes they do not own and redirect the traffic to themselves. This is called BGP hijacking. Similarly, malicious ASes can mount a man-in-the-middle attack by first redirecting traffic to themselves and then routing it on to the legitimate owner of the prefixes. This type of attack is called a man-in-the-middle attack. We develop a system to observe BGP announcements and updates in real time. We use a combination of heuristics based on the control plane and the data plane (targeted traceroute data) to separate malicious BGP announcements from legitimate announcements. en_US
dc.description.sponsorship This work is sponsored by the Stony Brook University Graduate School in compliance with the requirements for completion of degree. en_US
dc.format Monograph en_US
dc.format.medium Electronic Resource en_US
dc.language.iso en_US en_US
dc.publisher The Graduate School, Stony Brook University: Stony Brook, NY. en_US
dc.subject.lcsh Computer science en_US
dc.subject.other BGP, Internet monitoring, Networks, Routing, Security en_US
dc.title Investigating Interdomain Routing in the Wild en_US
dc.type Thesis en_US
dc.mimetype Application/PDF en_US
dc.contributor.committeemember Das, Samir en_US
dc.contributor.committeemember Polychronakis, Michalis en_US

