NEW METRICS FOR ASSESSMENT THE RISKS OF THE INTERNET ROUTE HIJACK CYBERATTACS

V.Yu. Zubok

Èlektron. model. 2020, 42(5):111-119
https://doi.org/10.15407/emodel.42.05.111

ABSTRACT

Possibility of dynamic routes change between nodes which are not physically connected is a key feature of the Internet routing. One of the most significant problems deriving from weaknesses of the exterior gateway protocol BGP-4 is route leaks and route hijacks. None of proposed and partially implemented upgrades and add-ons like MANRS and RPKI can not deliver reliable defense against those types of attacks. Estimating the risks of route hijack requires quantitative measurement of the impact of an attack on the routing distortion, and therefore, the loss of information security breach. In this paper, we will use the knowledge of the features of the Internet topology. Then we will find the relationship between topology and routing vulnerability. As a conclusion, we will try to obtain a method for quantifying information risk using a formal global routing model and trust metrics.

KEYWORDS

cybersecurity, global routing, route hijack, risk management, trust metrics.

REFERENCES

  1. Sermpezis, P., Kotronis, V., Dainotti, A. and Dimitropoulos, X. (2018), “A survey among network operators on BGP prefx hijacking”, ACM SIGCOMM Computer Communication Review, Vol. 48, no. 1, pp. 64-
    https://doi.org/10.1145/3211852.3211862
  2. Reuter, A., Bush, R. and Cunha, I. (2018), “Towards a rigorous methodology for measuring adoption of RPKI route validation and fltering”, ACM SIGCOMM Computer Communication Review, Vol. 48, no. 1, pp. 19-
    https://doi.org/10.1145/3211852.3211856
  3. Zubok, (2018), “Determining the ways of counteraction to cyberattacks on the Internet global routing”, Elektronne modelyuvannya, Vol. 40, no. 5, pp. 67-76.
    https://doi.org/10.15407/emodel.40.05.067
  4. (2018), ISO/IEC 27000:2018, Information technology. Security techniques. Information security management systems. Overview and vocabulary.
  5. (2009), ISO Guide 73:2009. Risk management, ISO/TMBG.
  6. Mui, L., Mohtashemi, M. and Halberstadt, A. (2002) “A computational model of trust and reputation”, System Sciences, pp. 2431-2439.

Full text: PDF