Estimating the Impact of BGP Prefix Hijacking

BGP prefix hijacking is a critical threat to the resilience and security of communications in the Internet. While several mechanisms have been proposed to prevent, detect or mitigate hijacking events, it has not been studied how to accurately quantify the impact of an ongoing hijack. When detecting a hijack, existing methods do not estimate how many networks in the Internet are affected (before and/or after its mitigation). In this paper, we study fundamental and practical aspects of the problem of estimating the impact of an ongoing hijack through network measurements. We derive analytical results for the involved trade-offs and limits, and investigate the performance of different measurement approaches (control/data-plane measurements) and use of public measurement infrastructure. Our findings provide useful insights for the design of accurate hijack impact estimation methodologies. Based on these insights, we design (i) a lightweight and practical estimation methodology that employs ping measurements, and (ii) an estimator that employs public infrastructure measurements and eliminates correlations between them to improve the accuracy. We validate the proposed methodologies and findings against results from hijacking experiments we conduct in the real Internet.