Abstract
In the inter-domain network, route leaks can disrupt the Internet traffic and cause large outages. The accurate detection of route leaks requires the sharing of AS business relationship information. However, the business relationship information between ASes is confidential. ASes are usually unwilling to reveal this information to the other ASes, especially their competitors. In this paper, we propose a method named FL-RLD to detect route leaks while maintaining the privacy of business relationships between ASes by using a blockchain-based federated learning framework, where ASes can collaboratively train a global detection model without directly disclosing their specific business relationships. To mitigate the lack of ground-truth validation data in route leaks, FL-RLD provides a self-validation scheme by labeling AS triples with local routing policies. We evaluate FL-RLD under a variety of datasets including imbalanced and balanced datasets, and examine different deployment strategies of FL-RLD under different topologies. According to the results, FL-RLD performs better in detecting route leaks than the single AS detection, whether the datasets are balanced or imbalanced. Additionally, the results indicate that selecting ASes with the most peers to first deploy FL-RLD brings more significant benefits in detecting route leaks than selecting ASes with the most providers and customers.
- [1] . 2020. BGP route leaks detection using supervised machine learning technique. In 2020 2nd Novel Intelligent and Leading Emerging Sciences Conference (NILES). IEEE, 15–20.Google Scholar
Cross Ref
- [2] . 2015. Investigating interdomain routing policies in the wild. In Proceedings of the 2015 Internet Measurement Conference. 71–77.Google Scholar
Digital Library
- [3] . 2018. Verification of AS PATH Using the Resource Certificate Public Key Infrastructure and Autonomous System Provider Authorization. (2018).Google Scholar
- [4] . 2021. AS relationship dataset. Online. http://www.caida.org/data/as-relationships/. (2021).Google Scholar
- [5] . 2020. ISRchain: Achieving efficient interdomain secure routing with blockchain. Computers & Electrical Engineering 83 (2020), 106584.Google Scholar
Cross Ref
- [6] . 2018. When machine learning meets blockchain: A decentralized, privacy-preserving and secure design. In 2018 IEEE International Conference on Big Data (Big Data). IEEE, 1178–1187.Google Scholar
Cross Ref
- [7] . 2021. ISP self-operated BGP anomaly detection based on weakly supervised learning. In 2021 IEEE 29th International Conference on Network Protocols (ICNP). IEEE, 1–11.Google Scholar
Cross Ref
- [8] . 2020. Preventing route leaks using a decentralized approach: An experimental evaluation. In 2020 IEEE 28th International Conference on Network Protocols (ICNP). IEEE, 1–6.Google Scholar
Cross Ref
- [9] . 2001. On inferring autonomous system relationships in the internet. IEEE/ACM Transactions on Networking 9, 6 (2001), 733–745.Google Scholar
Digital Library
- [10] . 2016. Are we there yet? On RPKI’s deployment and security. In NDSS.Google Scholar
- [11] . 2013. A survey of interdomain routing policies. ACM SIGCOMM Computer Communication Review 44, 1 (2013), 28–34.Google Scholar
Digital Library
- [12] . 2020. ROAchain: Securing route origin authorization with blockchain for inter-domain routing. IEEE Transactions on Network and Service Management (2020).Google Scholar
- [13] . 2009. Defending against BGP man-in-the-middle attacks. Talk at BlackHat (2009).Google Scholar
- [14] . 2021. A systematic literature review of blockchain-based federated learning: Architectures, applications and issues. In 2021 2nd Information Communication Technologies Conference (ICTC). IEEE, 302–307.Google Scholar
Cross Ref
- [15] . 2016. Study on BGP route leak. Chinese Journal of Network and Information Security 2, 8 (2016), 54–61.Google Scholar
- [16] . 2019. Stable and practical \(\lbrace\)AS\(\rbrace\) relationship inference with ProbLink. In 16th \(\lbrace\)USENIX\(\rbrace\) Symposium on Networked Systems Design and Implementation (\(\lbrace\)NSDI\(\rbrace\) 19). 581–598.Google Scholar
- [17] . 2020. TopoScope: Recover AS relationships from fragmentary observations. In Proceedings of the ACM Internet Measurement Conference. 266–280.Google Scholar
Digital Library
- [18] . 2017. Introduction to Keras. In Deep Learning with Python. Springer, 97–111.Google Scholar
Cross Ref
- [19] . 2014. Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014).Google Scholar
- [20] . 2020. Chain FL: Decentralized federated machine learning via blockchain. In 2020 Second International Conference on Blockchain Computing and Applications (BCCA). IEEE, 140–146.Google Scholar
Cross Ref
- [21] . 2017. Imbalanced-learn: A Python toolbox to tackle the curse of imbalanced datasets in machine learning. The Journal of Machine Learning Research 18, 1 (2017), 559–563.Google Scholar
Digital Library
- [22] . 2012. RFC 6480: An infrastructure to support secure Internet routing. Internet Engineering Task Force (IETF) (2012).Google Scholar
- [23] . 2015. Route leaks identification by detecting routing loops. In International Conference on Security and Privacy in Communication Systems. Springer, 313–329.Google Scholar
Cross Ref
- [24] . 2020. A survey on the security of blockchain systems. Future Generation Computer Systems 107 (2020), 841–853.Google Scholar
Digital Library
- [25] . 2020. A blockchain-based decentralized federated learning framework with committee consensus. IEEE Network 35, 1 (2020), 234–241.Google Scholar
Digital Library
- [26] . 2019. Blockchain and federated learning for privacy-preserved data sharing in industrial IoT. IEEE Transactions on Industrial Informatics 16, 6 (2019), 4177–4186.Google Scholar
Cross Ref
- [27] . 2013. AS relationships, customer cones, and validation. In Proceedings of the 2013 Conference on Internet Measurement Conference. 243–256.Google Scholar
Digital Library
- [28] . 2015. Routing leak briefly takes down Google. Online. https://blogs.oracle.com/internetintelligence/routing-leak-briefly-takes-down-google. (2015).Google Scholar
- [29] . 2019. FLchain: Federated learning via MEC-enabled blockchain network. In 2019 20th Asia-Pacific Network Operations and Management Symposium (APNOMS). IEEE, 1–4.Google Scholar
- [30] . 2021. Flexsealing BGP against route leaks: Peerlock active measurement and analysis. Proceedings of the 28th Network and Distributed System Security Symposium (NDSS 2021) (2021).Google Scholar
Cross Ref
- [31] . 2017. Communication-efficient learning of deep networks from decentralized data. In Artificial Intelligence and Statistics. PMLR, 1273–1282.Google Scholar
- [32] . 2021. Using bursty announcements for detecting BGP routing anomalies. Computer Networks 188 (2021), 107835.Google Scholar
Cross Ref
- [33] . 2010. Rectified linear units improve restricted Boltzmann machines. In ICML.Google Scholar
Digital Library
- [34] . 2015. The raft consensus algorithm. Online, https://raft.github.io/. (2015).Google Scholar
- [35] . 2021. How biased is our validation (data) for AS relationships?. In Proceedings of the 21st ACM Internet Measurement Conference. 612–620.Google Scholar
Digital Library
- [36] . 2015. Trusted execution environment: What it is, and what it is not. In 2015 IEEE Trustcom/BigDataSE/ISPA, Vol. 1. IEEE, 57–64.Google Scholar
Digital Library
- [37] . 2020. Unveiling the type of relationship between autonomous systems using deep learning. In NOMS 2020-2020 IEEE/IFIP Network Operations and Management Symposium. IEEE, 1–6.Google Scholar
- [38] . 2020. Biscotti: A blockchain system for private and secure federated learning. IEEE Transactions on Parallel and Distributed Systems 32, 7 (2020), 1513–1525.Google Scholar
Cross Ref
- [39] . 2021. Major route leak by AS28548. Online. https://www.manrs.org/2021/02/major-route-leak-by-as28548-another-bgp-optimizer/. (2021).Google Scholar
- [40] . 2015. Self-reliant detection of route leaks in inter-domain routing. Computer Networks 82 (2015), 135–155.Google Scholar
Digital Library
- [41] . 2016. Everyday practical BGP filtering. Online. https://peerlock.net. (2016).Google Scholar
- [42] . 2016. NTT peer locking. Online. http://instituut.net/job/peerlock_manual.pdf. (2016).Google Scholar
- [43] . 2017. Methods for detection and mitigation of BGP route leaks. draft-ietf-idr-route-leak-detection-mitigation-06 (2017).Google Scholar
- [44] . 2016. Problem definition and classification of BGP route leaks. RFC 7908 (2016).Google Scholar
- [45] . 2015. Metrics for evaluating 3D medical image segmentation: Analysis, selection, and tool. BMC Medical Imaging 15, 1 (2015), 1–28.Google Scholar
Cross Ref
- [46] . 2019. DeepChain: Auditable and privacy-preserving deep learning with blockchain-based incentive. IEEE Transactions on Dependable and Secure Computing (2019).Google Scholar
Digital Library
- [47] . 2013. Sign what you really care about–secure BGP AS-paths efficiently. Computer Networks 57, 10 (2013), 2250–2265.Google Scholar
Digital Library
- [48] . 2021. A privacy-preserving route leak protection mechanism based on blockchain. In 2021 IEEE International Conference on Information Communication and Software Engineering (ICICSE). IEEE, 264–269.Google Scholar
Cross Ref
- [49] . 2020. A blockchain based protocol for federated learning. In 2020 IEEE 28th International Conference on Network Protocols (ICNP). IEEE, 1–2.Google Scholar
Cross Ref
- [50] . 2018. Blockchain challenges and opportunities: A survey. International Journal of Web and Grid Services 14, 4 (2018), 352–375.Google Scholar
Cross Ref
Index Terms
Federated Route Leak Detection in Inter-domain Routing with Privacy Guarantee
Recommendations
Inter-domain collaborative routing (IDCR): Server selection for optimal client performance
Communication between institutions, or domains, residing in the Internet requires a route to be created between the routing domains. Each of these domains is controlled by a single administrative authority, and is referred to as an autonomous system (AS)...
Practicable route leak detection and protection with ASIRIA
AbstractRoute leak events have historically caused many wide-scale disruptions on the Internet. Leaks are particularly hard to detect because they most frequently involve routes with legitimate origin announced through legitimate paths that ...






Comments