Monitoring the hygiene of non-routed space

Develop techniques to enable predictive capabilities in the detection and prevention of misuse of unallocated or allocated IP address space by malicious actors.

IP squatting is the misuse of unallocated or allocated IP address space by malicious actors, who use the hijacked IP space as source addresses in malicious activities in order to hinder detection and traceability. For example, such actors can use this attack to number botnet command and control hosts and spam relays with temporary addresses. Squatting has been an effective cloaking technique because the source addresses used are legitimate and do not result in infrastructure alerts. However, IPv4 address space depletion makes squatting much harder, leading attackers to resort to more sophisticated techniques. Preliminary analysis shows increasing abuse of Internet Exchange Point (IXP) address ranges. IXP prefixes are usually not advertised in the global routing system, since they are not allocated to end hosts. Therefore, IXP prefix hijacking does not affect existing Internet paths. These bogus advertisements are often realized as spear attacks, namely highly targeted bogus advertisements designed to evade detection.
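As a starting point for the monitoring described above, the following added example (not code from this project) flags BGP announcements that overlap IXP peering LAN prefixes and records how many collector peers saw each one. The prefixes, ASNs and peer names are constructed sample data, and treating low visibility as a sign of a targeted advertisement is an assumption of this sketch.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation prefixes and private-use ASNs.
IXP_LANS = ["198.51.100.0/24", "2001:db8:100::/48"]  # IXP peering LANs
TOTAL_PEERS = 4                                      # collector peers monitored
UPDATES = [  # (collector peer, announced prefix, origin ASN)
    ("peer-a", "198.51.100.0/24", 64501),    # exact IXP LAN, seen by one peer
    ("peer-a", "203.0.113.0/24", 64502),     # ordinary routed prefix
    ("peer-b", "203.0.113.0/24", 64502),
    ("peer-b", "198.51.100.128/25", 64503),  # more-specific inside the IXP LAN
    ("peer-c", "198.51.100.128/25", 64503),
    ("peer-d", "198.51.100.128/25", 64503),
    ("peer-b", "2001:db8:100::/48", 64501),  # IPv6 IXP LAN, seen by one peer
    ("peer-a", "192.0.2.0/24", 64504),
]

def find_ixp_announcements(updates, ixp_lans, total_peers, targeted_below=0.5):
    """Return announcements overlapping an IXP LAN, with their visibility.

    An announcement matches if it equals, covers, or is more specific than
    an IXP LAN. 'targeted' is a heuristic (assumption of this example): the
    route was seen by fewer than `targeted_below` of the monitored peers.
    """
    lans = [ipaddress.ip_network(p) for p in ixp_lans]
    seen_by = defaultdict(set)
    for peer, prefix, origin in updates:
        net = ipaddress.ip_network(prefix)
        for lan in lans:
            if net.version == lan.version and net.overlaps(lan):
                seen_by[(str(net), origin, str(lan))].add(peer)
    findings = []
    for (prefix, origin, lan), peers in sorted(seen_by.items()):
        visibility = len(peers) / total_peers
        findings.append({
            "prefix": prefix, "origin": origin, "ixp_lan": lan,
            "visibility": visibility, "targeted": visibility < targeted_below,
        })
    return findings

if __name__ == "__main__":
    for f in find_ixp_announcements(UPDATES, IXP_LANS, TOTAL_PEERS):
        print(f)
```
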

Goal

Develop the necessary techniques to enable predictive capabilities in the detection and mitigation of these emerging threats that currently cannot be addressed by the existing tools.

Learning outcome

  • Better understanding of IP routing and Internet architecture
  • Insight into routing security
  • You will get an opportunity to run a large real-world experiment

Qualifications

  • General understanding of IP networks
  • Programming skills
  • Interest in machine learning

Supervisors

  • Ioana Alexandrina Livadariu

Associated contacts

Ioana Alexandrina Livadariu

Research Scientist