Characterizing vulnerability to IP hijack attempts

The Border Gateway Protocol (BGP) is critical to the global internet infrastructure. Unfortunately BGP routing was designed with limited regard for security. As a result, IP route hijacking has been observed for more than 15 years. Well known incidents include a 2008 hijack of YouTube, loss of connectivity for Australia in 2012, and an event that partially crippled Google in November 2012. The extent of an IP Hijack can be localized to a small region or can propagate to become a world-wide event. Concern has been escalating as critical national infrastructure is reliant on a secure foundation for the internet. Disruptions to military, banking, utilities, industry, and commerce can be catastrophic. The paper addresses the question of why some autonomous systems are more prone to attack than others. We present a series of findings related to the manner in which IP hijacks propagate through the global routing infrastructure. We examine why some attacks extend widely while others remain isolated and explore topological patterns that enhance or inhibit attacks.