A Deep Learning Approach for IP Hijack Detection Based on ASN Embedding

Published in ACM SIGCOMM Workshop on Network Meets AI & ML (NetAI 2020), 2020

Recommended citation: T. Shapira and Y. Shavitt, "A Deep Learning Approach for IP Hijack Detection Based on ASN Embedding," ACM SIGCOMM Workshop on Network Meets AI & ML (NetAI 2020), New York, NY, USA, Aug 2020, pp. 35–41. https://dl.acm.org/doi/abs/10.1145/3405671.3405814

Tal Shapira and Yuval Shavitt. 2020. A Deep Learning Approach for IP Hijack Detection Based on ASN Embedding. In Proceedings of the Workshop on Network Meets AI & ML (NetAI ’20). Association for Computing Machinery, New York, NY, USA, 35–41.

IP hijack detection is an important security challenge. In this paper we introduce a novel approach for BGP hijack detection using deep learning. Similar to natural language processing (NLP) models, we show that by using BGP route announcements as sentences, we can embed each AS number (ASN) to a vector that represents its latent characteristics. In order to solve this supervised learning problem, we use these vectors as an input to a recurrent neural network and achieve an excellent result: an accuracy of 99.99% for BGP hijack detection with 0.00% false alarm. We test our method on 48 past hijack events between the years 2008 and 2018 and detect 32 of them, and in particular, all the events within two years from our training data.
