skip to main content
research-article

Federated Route Leak Detection in Inter-domain Routing with Privacy Guarantee

Published:23 February 2023Publication History
Skip Abstract Section

Abstract

In the inter-domain network, route leaks can disrupt the Internet traffic and cause large outages. The accurate detection of route leaks requires the sharing of AS business relationship information. However, the business relationship information between ASes is confidential. ASes are usually unwilling to reveal this information to the other ASes, especially their competitors. In this paper, we propose a method named FL-RLD to detect route leaks while maintaining the privacy of business relationships between ASes by using a blockchain-based federated learning framework, where ASes can collaboratively train a global detection model without directly disclosing their specific business relationships. To mitigate the lack of ground-truth validation data in route leaks, FL-RLD provides a self-validation scheme by labeling AS triples with local routing policies. We evaluate FL-RLD under a variety of datasets including imbalanced and balanced datasets, and examine different deployment strategies of FL-RLD under different topologies. According to the results, FL-RLD performs better in detecting route leaks than the single AS detection, whether the datasets are balanced or imbalanced. Additionally, the results indicate that selecting ASes with the most peers to first deploy FL-RLD brings more significant benefits in detecting route leaks than selecting ASes with the most providers and customers.

REFERENCES

  1. [1] Monem Salma Abd El, Khalafallah Ahmed, and Shaheen Samir I.. 2020. BGP route leaks detection using supervised machine learning technique. In 2020 2nd Novel Intelligent and Leading Emerging Sciences Conference (NILES). IEEE, 1520.Google ScholarGoogle ScholarCross RefCross Ref
  2. [2] Anwar Ruwaifa, Niaz Haseeb, Choffnes David, Cunha Ítalo, Gill Phillipa, and Katz-Bassett Ethan. 2015. Investigating interdomain routing policies in the wild. In Proceedings of the 2015 Internet Measurement Conference. 7177.Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. [3] Azimov Alexander, Bogomazov Eugene, Bush Randy, Patel Keyur, and Snijders Job. 2018. Verification of AS PATH Using the Resource Certificate Public Key Infrastructure and Autonomous System Provider Authorization. (2018).Google ScholarGoogle Scholar
  4. [4] CAIDA. 2021. AS relationship dataset. Online. http://www.caida.org/data/as-relationships/. (2021).Google ScholarGoogle Scholar
  5. [5] Chen Di, Ba Yang, Qiu Han, Zhu Junhu, and Wang Qingxian. 2020. ISRchain: Achieving efficient interdomain secure routing with blockchain. Computers & Electrical Engineering 83 (2020), 106584.Google ScholarGoogle ScholarCross RefCross Ref
  6. [6] Chen Xuhui, Ji Jinlong, Luo Changqing, Liao Weixian, and Li Pan. 2018. When machine learning meets blockchain: A decentralized, privacy-preserving and secure design. In 2018 IEEE International Conference on Big Data (Big Data). IEEE, 11781187.Google ScholarGoogle ScholarCross RefCross Ref
  7. [7] Dong Yutao, Li Qing, Sinnott Richard O., Jiang Yong, and Xia Shutao. 2021. ISP self-operated BGP anomaly detection based on weakly supervised learning. In 2021 IEEE 29th International Conference on Network Protocols (ICNP). IEEE, 111.Google ScholarGoogle ScholarCross RefCross Ref
  8. [8] Galmés Miquel Ferriol, Aumatell Roger Coll, Cabellos-Aparicio Albert, Ren Shoushou, Wei Xinpeng, and Liu Bingyang. 2020. Preventing route leaks using a decentralized approach: An experimental evaluation. In 2020 IEEE 28th International Conference on Network Protocols (ICNP). IEEE, 16.Google ScholarGoogle ScholarCross RefCross Ref
  9. [9] Gao Lixin. 2001. On inferring autonomous system relationships in the internet. IEEE/ACM Transactions on Networking 9, 6 (2001), 733745.Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. [10] Gilad Yossi, Cohen Avichai, Herzberg Amir, Schapira Michael, and Shulman Haya. 2016. Are we there yet? On RPKI’s deployment and security. In NDSS.Google ScholarGoogle Scholar
  11. [11] Gill Phillipa, Schapira Michael, and Goldberg Sharon. 2013. A survey of interdomain routing policies. ACM SIGCOMM Computer Communication Review 44, 1 (2013), 2834.Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. [12] He Guobiao, Su Wei, Gao Shuai, Yue Jiarui, and Das Sajal K.. 2020. ROAchain: Securing route origin authorization with blockchain for inter-domain routing. IEEE Transactions on Network and Service Management (2020).Google ScholarGoogle Scholar
  13. [13] Hepner Clint and Zmijewski Earl. 2009. Defending against BGP man-in-the-middle attacks. Talk at BlackHat (2009).Google ScholarGoogle Scholar
  14. [14] Hou Dongkun, Zhang Jie, Man Ka Lok, Ma Jieming, and Peng Zitian. 2021. A systematic literature review of blockchain-based federated learning: Architectures, applications and issues. In 2021 2nd Information Communication Technologies Conference (ICTC). IEEE, 302307.Google ScholarGoogle ScholarCross RefCross Ref
  15. [15] Jia Jia, Yan Zhi-wei, Geng Guang-gang, and Jian Jin. 2016. Study on BGP route leak. Chinese Journal of Network and Information Security 2, 8 (2016), 5461.Google ScholarGoogle Scholar
  16. [16] Jin Yuchen, Scott Colin, Dhamdhere Amogh, Giotsas Vasileios, Krishnamurthy Arvind, and Shenker Scott. 2019. Stable and practical \(\lbrace\)AS\(\rbrace\) relationship inference with ProbLink. In 16th \(\lbrace\)USENIX\(\rbrace\) Symposium on Networked Systems Design and Implementation (\(\lbrace\)NSDI\(\rbrace\) 19). 581598.Google ScholarGoogle Scholar
  17. [17] Jin Zitong, Shi Xingang, Yang Yan, Yin Xia, Wang Zhiliang, and Wu Jianping. 2020. TopoScope: Recover AS relationships from fragmentary observations. In Proceedings of the ACM Internet Measurement Conference. 266280.Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. [18] Ketkar Nikhil. 2017. Introduction to Keras. In Deep Learning with Python. Springer, 97111.Google ScholarGoogle ScholarCross RefCross Ref
  19. [19] Kingma Diederik P. and Ba Jimmy. 2014. Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014).Google ScholarGoogle Scholar
  20. [20] Korkmaz Caner, Kocas Halil Eralp, Uysal Ahmet, Masry Ahmed, Ozkasap Oznur, and Akgun Baris. 2020. Chain FL: Decentralized federated machine learning via blockchain. In 2020 Second International Conference on Blockchain Computing and Applications (BCCA). IEEE, 140146.Google ScholarGoogle ScholarCross RefCross Ref
  21. [21] Lemaître Guillaume, Nogueira Fernando, and Aridas Christos K.. 2017. Imbalanced-learn: A Python toolbox to tackle the curse of imbalanced datasets in machine learning. The Journal of Machine Learning Research 18, 1 (2017), 559563.Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. [22] Lepinski Matt and Kent S.. 2012. RFC 6480: An infrastructure to support secure Internet routing. Internet Engineering Task Force (IETF) (2012).Google ScholarGoogle Scholar
  23. [23] Li Song, Duan Haixin, Wang Zhiliang, and Li Xing. 2015. Route leaks identification by detecting routing loops. In International Conference on Security and Privacy in Communication Systems. Springer, 313329.Google ScholarGoogle ScholarCross RefCross Ref
  24. [24] Li Xiaoqi, Jiang Peng, Chen Ting, Luo Xiapu, and Wen Qiaoyan. 2020. A survey on the security of blockchain systems. Future Generation Computer Systems 107 (2020), 841853.Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. [25] Li Yuzheng, Chen Chuan, Liu Nan, Huang Huawei, Zheng Zibin, and Yan Qiang. 2020. A blockchain-based decentralized federated learning framework with committee consensus. IEEE Network 35, 1 (2020), 234241.Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. [26] Lu Yunlong, Huang Xiaohong, Dai Yueyue, Maharjan Sabita, and Zhang Yan. 2019. Blockchain and federated learning for privacy-preserved data sharing in industrial IoT. IEEE Transactions on Industrial Informatics 16, 6 (2019), 41774186.Google ScholarGoogle ScholarCross RefCross Ref
  27. [27] Luckie Matthew, Huffaker Bradley, Dhamdhere Amogh, Giotsas Vasileios, and Claffy K. C.. 2013. AS relationships, customer cones, and validation. In Proceedings of the 2013 Conference on Internet Measurement Conference. 243256.Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. [28] Madory Doug. 2015. Routing leak briefly takes down Google. Online. https://blogs.oracle.com/internetintelligence/routing-leak-briefly-takes-down-google. (2015).Google ScholarGoogle Scholar
  29. [29] Majeed Umer and Hong Choong Seon. 2019. FLchain: Federated learning via MEC-enabled blockchain network. In 2019 20th Asia-Pacific Network Operations and Management Symposium (APNOMS). IEEE, 14.Google ScholarGoogle Scholar
  30. [30] McDaniel Tyler, Smith Jared M., and Schuchard Max. 2021. Flexsealing BGP against route leaks: Peerlock active measurement and analysis. Proceedings of the 28th Network and Distributed System Security Symposium (NDSS 2021) (2021).Google ScholarGoogle ScholarCross RefCross Ref
  31. [31] McMahan Brendan, Moore Eider, Ramage Daniel, Hampson Seth, and Arcas Blaise Aguera y. 2017. Communication-efficient learning of deep networks from decentralized data. In Artificial Intelligence and Statistics. PMLR, 12731282.Google ScholarGoogle Scholar
  32. [32] Moriano Pablo, Hill Raquel, and Camp L. Jean. 2021. Using bursty announcements for detecting BGP routing anomalies. Computer Networks 188 (2021), 107835.Google ScholarGoogle ScholarCross RefCross Ref
  33. [33] Nair Vinod and Hinton Geoffrey E.. 2010. Rectified linear units improve restricted Boltzmann machines. In ICML.Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. [34] Ongaro Diego and Ousterhout John. 2015. The raft consensus algorithm. Online, https://raft.github.io/. (2015).Google ScholarGoogle Scholar
  35. [35] Prehn Lars and Feldmann Anja. 2021. How biased is our validation (data) for AS relationships?. In Proceedings of the 21st ACM Internet Measurement Conference. 612620.Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. [36] Sabt Mohamed, Achemlal Mohammed, and Bouabdallah Abdelmadjid. 2015. Trusted execution environment: What it is, and what it is not. In 2015 IEEE Trustcom/BigDataSE/ISPA, Vol. 1. IEEE, 5764.Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. [37] Shapira Tal and Shavitt Yuval. 2020. Unveiling the type of relationship between autonomous systems using deep learning. In NOMS 2020-2020 IEEE/IFIP Network Operations and Management Symposium. IEEE, 16.Google ScholarGoogle Scholar
  38. [38] Shayan Muhammad, Fung Clement, Yoon Chris J. M., and Beschastnikh Ivan. 2020. Biscotti: A blockchain system for private and secure federated learning. IEEE Transactions on Parallel and Distributed Systems 32, 7 (2020), 15131525.Google ScholarGoogle ScholarCross RefCross Ref
  39. [39] Siddiqui Aftab. 2021. Major route leak by AS28548. Online. https://www.manrs.org/2021/02/major-route-leak-by-as28548-another-bgp-optimizer/. (2021).Google ScholarGoogle Scholar
  40. [40] Siddiqui M. S., Montero Diego, Serral-Gracià René, and Yannuzzi Marcelo. 2015. Self-reliant detection of route leaks in inter-domain routing. Computer Networks 82 (2015), 135155.Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. [41] Snijders Job. 2016. Everyday practical BGP filtering. Online. https://peerlock.net. (2016).Google ScholarGoogle Scholar
  42. [42] Snijders Job. 2016. NTT peer locking. Online. http://instituut.net/job/peerlock_manual.pdf. (2016).Google ScholarGoogle Scholar
  43. [43] Sriram Kotikalapudi, Montgomery Doug, Dickson Brian, Patel Keyur, and Robachevsky Andrei. 2017. Methods for detection and mitigation of BGP route leaks. draft-ietf-idr-route-leak-detection-mitigation-06 (2017).Google ScholarGoogle Scholar
  44. [44] Sriram Kotikalapudi, Montgomery Doug, McPherson D., Osterweil Eric, and Dickson Brian. 2016. Problem definition and classification of BGP route leaks. RFC 7908 (2016).Google ScholarGoogle Scholar
  45. [45] Taha Abdel Aziz and Hanbury Allan. 2015. Metrics for evaluating 3D medical image segmentation: Analysis, selection, and tool. BMC Medical Imaging 15, 1 (2015), 128.Google ScholarGoogle ScholarCross RefCross Ref
  46. [46] Weng Jiasi, Weng Jian, Zhang Jilian, Li Ming, Zhang Yue, and Luo Weiqi. 2019. DeepChain: Auditable and privacy-preserving deep learning with blockchain-based incentive. IEEE Transactions on Dependable and Secure Computing (2019).Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. [47] Xiang Yang, Shi Xingang, Wu Jianping, Wang Zhiliang, and Yin Xia. 2013. Sign what you really care about–secure BGP AS-paths efficiently. Computer Networks 57, 10 (2013), 22502265.Google ScholarGoogle ScholarDigital LibraryDigital Library
  48. [48] Yue Jiarui, Qin Yajuan, Gao Shuai, Su Wei, He Guobiao, and Liu Ningchun. 2021. A privacy-preserving route leak protection mechanism based on blockchain. In 2021 IEEE International Conference on Information Communication and Software Engineering (ICICSE). IEEE, 264269.Google ScholarGoogle ScholarCross RefCross Ref
  49. [49] Zhang Qiong, Palacharla Paparao, Sekiya Motoyoshi, Suga Junichi, and Katagiri Toru. 2020. A blockchain based protocol for federated learning. In 2020 IEEE 28th International Conference on Network Protocols (ICNP). IEEE, 12.Google ScholarGoogle ScholarCross RefCross Ref
  50. [50] Zheng Zibin, Xie Shaoan, Dai Hong-Ning, Chen Xiangping, and Wang Huaimin. 2018. Blockchain challenges and opportunities: A survey. International Journal of Web and Grid Services 14, 4 (2018), 352375.Google ScholarGoogle ScholarCross RefCross Ref

Index Terms

  1. Federated Route Leak Detection in Inter-domain Routing with Privacy Guarantee

    Recommendations

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in

    Full Access

    • Published in

      cover image ACM Transactions on Internet Technology
      ACM Transactions on Internet Technology  Volume 23, Issue 1
      February 2023
      564 pages
      ISSN:1533-5399
      EISSN:1557-6051
      DOI:10.1145/3584863
      • Editor:
      • Ling Liu
      Issue’s Table of Contents

      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 23 February 2023
      • Online AM: 1 September 2022
      • Accepted: 29 August 2022
      • Revised: 27 June 2022
      • Received: 8 April 2022
      Published in toit Volume 23, Issue 1

      Permissions

      Request permissions about this article.

      Request Permissions

      Check for updates

      Qualifiers

      • research-article

    PDF Format

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Full Text

    View this article in Full Text.

    View Full Text

    HTML Format

    View this article in HTML Format .

    View HTML Format
    About Cookies On This Site

    We use cookies to ensure that we give you the best experience on our website.

    Learn more

    Got it!