Opening the Black Box – Applying Explainable AI to Improve Prefix Hijacking Detection

  • Adriano B. Carvalho UFMS
  • Brivaldo A. da Silva Jr. UFMS
  • Carlos Alberto da Silva UFMS
  • Ronaldo A. Ferreira UFMS

Abstract

BGP has no native security mechanisms, which allows attackers to hijack prefixes. Recent work uses machine learning to identify these hijacks, but the models are black boxes, making it infeasible to determine whether they use the most appropriate features. This work applies Explainable Artificial Intelligence (XAI) techniques to evaluate and improve a recently proposed prefix hijacking detection model. Starting from an extensive analysis of the original model with 28 features, two models with 11 and 5 features were created; they produce results with no statistical difference from the full model, but reduce processing time by more than 30% and storage space by more than 59%.

Published
16/09/2024
CARVALHO, Adriano B.; SILVA JR., Brivaldo A. da; SILVA, Carlos Alberto da; FERREIRA, Ronaldo A. Abrindo a Caixa-Preta – Aplicando IA Explicável para Aprimorar a Detecção de Sequestros de Prefixo. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 16-31. DOI: https://doi.org/10.5753/sbseg.2024.240764.