Characterization and Detection of Prefix Hijacks on the Internet (original title: Caracterização e Detecção de Sequestros de Prefixo na Internet)

Bibliographic details
Year of defense: 2025
Main author: Adriano Bastos de Carvalho
Advisor: Ronaldo Alves Ferreira
Defense committee: Not informed by the institution
Document type: Dissertation (Master's thesis)
Access type: Open access
Language: Portuguese (por)
Institution: Fundação Universidade Federal de Mato Grosso do Sul
Graduate program: Not informed by the institution
Department: Not informed by the institution
Country: Brazil
Keywords in Portuguese:
Access link: https://repositorio.ufms.br/handle/123456789/11447
Abstract: The Border Gateway Protocol (BGP) lacks native security mechanisms, allowing malicious actors to manipulate route announcements or advertise prefixes they do not own. When an Autonomous System (AS) advertises a prefix it does not own, a prefix hijack occurs; it can render the legitimate AS unreachable, redirect traffic so that information can be stolen, or allow the hijacked addresses to be misused (e.g., for sending spam). Proposed solutions such as RPKI, BGPsec, and ASPA exist, but none has been deployed widely enough to eliminate the problem. The first part of this work uses an extensive set of simulations with real data to characterize the vulnerability of 29 military networks to prefix hijacks, showing that networks with higher connectivity and geographically distributed neighbors are less affected. The study also discusses ways to make the routing of these networks more robust. Recent research has employed machine learning to identify hijacks, but the models are often complex black boxes, making it hard to determine whether they use the most appropriate features. The second part of this work applies eXplainable Artificial Intelligence (XAI) techniques to evaluate and improve a recently proposed prefix hijack detection model. From an analysis of the original model with 28 features, two reduced models were created with 11 and 5 features, respectively. These reduced models produce results with no statistically significant difference from the complete model, while reducing processing time by over 31% (9 min per day) and the total storage required by more than 36% (970 MB over 160 days). When the reduced models are evaluated on newly identified links, the 5-feature model's accuracy is 0.1152 higher than the original model's, demonstrating the importance of proper feature selection.
In the simulated hijacks of the military networks, up to 77% of attacks could go undetected even by the best available tool for detecting forged-origin hijacks. In addition to feature reduction, two approaches to improving the model are presented: one assesses how the model would change if additional information could improve the bidirectionality feature, and the other examines the model's results with a new training dataset. The first approach increased the F1-score for both classes, while the second improved the Matthews Correlation Coefficient (MCC) from -0.0530 to 0.3165.
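The abstract distinguishes two detection problems: an origin hijack, where the attacker's AS appears as the origin of a prefix it does not hold, and a forged-origin hijack, where the attacker prepends the legitimate origin so that route-origin validation (RPKI/ROV) accepts the route. The following Python example is added here to make that distinction concrete; it is not code from the thesis or from the detection model it evaluates. It implements RFC 6811-style origin validation (prefix covered by a ROA, matching origin AS, prefix length within maxLength) and a baseline check for AS adjacencies never seen before, which is the kind of signal the abstract refers to as newly identified links. All AS numbers, prefixes, ROAs and baseline links are constructed for the illustration.

```python
"""Route-origin validation plus a new-link check over constructed BGP announcements,
showing which hijack types each check catches and which one ROV alone misses."""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Set, Tuple


@dataclass(frozen=True)
class ROA:
    prefix: str      # authorised prefix, e.g. "203.0.113.0/24"
    max_length: int  # longest prefix length the ROA authorises
    origin_as: int   # AS allowed to originate the prefix


@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: Tuple[int, ...]  # AS_PATH as received; the last element is the origin AS


def rov_state(ann: Announcement, roas: Iterable[ROA]) -> str:
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(ann.prefix)
    origin = ann.as_path[-1]
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # subnet_of() raises on mixed address families, so compare versions first
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "not-found"   # no ROA covers this prefix; ROV cannot say anything
    for roa in covering:
        if roa.origin_as == origin and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"         # wrong origin, or more specific than maxLength allows


def unseen_links(ann: Announcement, known_links: Set[FrozenSet[int]]) -> Set[Tuple[int, int]]:
    """Adjacent AS pairs in the path that never appeared in the baseline topology.
    Repeated ASes (path prepending) are not links and are skipped."""
    links = set()
    for left, right in zip(ann.as_path, ann.as_path[1:]):
        if left != right and frozenset((left, right)) not in known_links:
            links.add((left, right))
    return links


def classify(ann: Announcement, roas: Iterable[ROA],
             known_links: Set[FrozenSet[int]]) -> Tuple[str, str]:
    """Return (rov_state, verdict). ROV catches origin hijacks; the unseen-link
    check is what raises an alarm for a forged-origin hijack that ROV accepts."""
    state = rov_state(ann, roas)
    if state == "invalid":
        return state, "rov-invalid"
    if unseen_links(ann, known_links):
        return state, "unseen-link"
    return state, "none"


# Constructed scenario (hypothetical, not from the thesis): AS64500 holds
# 203.0.113.0/24 behind provider AS64501; the attacker AS64666 sits behind AS64502.
ROAS = [ROA("203.0.113.0/24", 24, 64500)]
KNOWN_LINKS = {frozenset(p) for p in [(64501, 64500), (64502, 64501), (64502, 64666)]}

CASES = {
    "legitimate":           Announcement("203.0.113.0/24",   (64502, 64501, 64500)),
    "origin_hijack":        Announcement("203.0.113.0/24",   (64502, 64666)),
    "more_specific_hijack": Announcement("203.0.113.128/25", (64502, 64666)),
    "forged_origin_hijack": Announcement("203.0.113.0/24",   (64502, 64666, 64500)),
    "unregistered_prefix":  Announcement("198.51.100.0/24",  (64502, 64501)),
}


def run_cases():
    """Classify every constructed announcement; returns {name: (rov_state, verdict)}."""
    return {name: classify(ann, ROAS, KNOWN_LINKS) for name, ann in CASES.items()}


if __name__ == "__main__":
    for name, (state, verdict) in run_cases().items():
        print(f"{name:22s} rov={state:10s} verdict={verdict}")
```

The forged-origin case is the instructive one: the path ends in the legitimate origin, so ROV returns "valid", and only the never-seen adjacency 64666-64500 gives the route away. That is also why a link-based check depends on the quality of its baseline: a new but legitimate peering looks exactly the same until it has been observed long enough to enter the baseline, which is the trade-off behind the feature and training-set work described in the abstract.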