Paper Info
Title
PrefiSec: A Distributed Alliance Framework for Collaborative BGP Monitoring and Prefix-based Security
Abstract
This paper presents the design and data-driven overhead analysis of PrefiSec, a distributed framework that helps collaborating organizations to effectively maintain and share network information in the fight against miscreants. PrefiSec is a novel distributed IP-prefix-based solution, which maintains information about the activities associated with IP prefixes (blocks of IP addresses) and autonomous systems (AS). Within PrefiSec, we design and evaluate simple and scalable mechanisms and policies that allow participating entities to effectively share network information, which helps to protect against prefix/subprefix attacks, interception attacks, and a wide range of edge-based attacks, such as spamming, scanning, and botnet activities. Timely reporting of such information helps participants improve their security, keep their security footprints clean, and incentivizes participation. Public wide-area BGP-announcements, traceroutes, and simulations are used to estimate the overhead, scalability, and alert rates. Our results show that PrefiSec helps improve system security, and can scale to large systems.
Year
DOI
Venue
2014
10.1145/2663876.2663879
WISCS@CCS
Keywords
Field
DocType
security and protection,collaboration,distributed alliance framework,prefix-based security,interception,bgp monitoring,routing protocols,hijack,computer science
Alliance,Computer security,Botnet,Computer science,Computer network,Prefix,Autonomous system (Internet),Spamming,Scalability
Conference
Citations 
PageRank 
References 
5
0.40
29
Authors
3
Name
Order
Citations
PageRank
Rahul Hiran1282.90
Niklas Carlsson258551.31
Nahid Shahmehri3905117.15