
Computer Networks 202 (2022) 108650


Understanding the impact of outsourcing mitigation against BGP prefix hijacking
Man Zeng, Xiaohong Huang, Pei Zhang ∗, Dandan Li
School of Computer Science (National Pilot Software Engineering School), Beijing University of Posts and Telecommunication, Beijing, 100876, China

ARTICLE INFO

Keywords: BGP; Prefix hijacking; Mitigation

ABSTRACT

BGP prefix hijacking caused by a misconfiguration or malicious route announcements brings great trouble to today’s Internet. Outsourcing mitigation is a recently proposed automatic hijacking mitigation method. It mitigates hijacking incidents by attracting and redirecting the hijacked traffic to the origin AS so the deployment of the AS that performs the attracting and redirecting behaviors is important for improving the effectiveness of mitigation. However, traditional methods fail to guarantee mitigation effectiveness, i.e., simply selecting the neighbor AS of the origin AS to mitigate. Therefore, how to measure the mitigation effectiveness of different ASes and effectively select the mitigators are key issues of outsourcing mitigation.

In this paper, to measure the mitigation effectiveness of ASes, (1) we use a new metric for evaluating the mitigation effectiveness, and propose a strategy called AS Reachability Influence Selection (ARS) for effectively selecting ASes with high mitigation effectiveness. (2) We conduct extensive analysis to deeply study different characteristics (e.g., AS type, degree, provider, region) that influence the mitigation effectiveness. As the results show, ARS can put ASes with high mitigation effectiveness in front. The results also show that ASes with many Tier-1 providers or high tier providers may achieve higher mitigation effectiveness than Tier-1 ASes.

1. Introduction

Today’s Internet is composed of tens of thousands of networks called Autonomous Systems (ASes). These ASes use Border Gateway Protocol (BGP) for routing information exchange. Because of the weaknesses in the BGP design, the Internet suffers from different security issues [1] including BGP prefix hijacking and route leak, which are two most common types of incidents in the BGP network. BGP prefix hijacking involves an attacker announcing a prefix that does not belong to itself, which causes ASes who trust those false routing announcements to send their traffic to the wrong destination. A route leak occurs when the attacker propagates a valid route beyond the scope intended by the routing policy of the ASes involved [2]. In this paper, we mainly consider the BGP prefix hijacking. BGP prefix hijacking can be used for various malicious activities such as spamming, phishing, and traffic blackholing. A well-known hijacking incident is that an ISP from Pakistan hijacked the prefix of YouTube in 2008, causing YouTube to be inaccessible for 2 h worldwide [3]. Moreover, the study in [4] also demonstrates that BGP prefix hijacking can be used to attack the Bitcoin network.

Over the last two decades, great efforts have been made by researchers to secure the inter-domain network and a variety of BGP defense mechanisms are proposed, such as [5–11]. These mechanisms can be categorized into two types: proactive defense and reactive defense. The main difference between the two kinds of defense mechanisms is that proactive defense aims at preventing the attack before it is launched and reactive defense focuses on how to accurately detect and mitigate the attack when it has already happened. Due to technical and financial issues, proactive defense mechanisms like BGPsec [9] and RPKI [8] have not been deployed globally [12] and they bring meager security in partial deployment [13]. For example, BGPsec cannot secure a routing path if there is an AS that does not support BGPsec in the path, because BGPsec requires each AS of the path to validate all previous signatures and sign their signatures [13]. According to a survey in [12], compared with proactive defense mechanisms, reactive defense mechanisms require a simpler deployment and less modification on the current network infrastructures, so it is easier for operators to adopt reactive defense mechanisms.

The reactive defense mechanism often includes two parts: detection and mitigation. In the reactive defense mechanism, if the detection system detects that a hijack is happening, it will notify network operators of the hijack incident. After getting the notification, there are mainly two ways in practice to mitigate the hijack, announcing the disaggregated prefix (e.g., hijacked prefix 119.63.0.0/23 can be disaggregated to 119.63.0.0/24 and 119.63.1.0/24) or contacting network operators

∗ Corresponding author.
E-mail address: zhangpei@bupt.edu.cn (P. Zhang).

https://doi.org/10.1016/j.comnet.2021.108650
Received 21 July 2021; Received in revised form 22 November 2021; Accepted 23 November 2021
Available online 6 December 2021
1389-1286/© 2021 Elsevier B.V. All rights reserved.

of other ASes. However, the effects of these two mitigation strategies are very limited. For instance, the effect of prefix-disaggregation is not ideal when the hijacked prefix is more than /25 prefix since most routers filter prefixes more specific than /25 [14]. Contacting with or waiting for other networks to react to the hijack costs unpredictable delay or even impossible [15]. Sometimes the victims have to publicly disclose the hijacking incident in the mail to other network operators [15]. However, large-scale BGP hijacking may last for a long time such as incidents [16,17] both lasted more than 2 h, which had a serious impact on the Internet. There is a need for a more efficient way to mitigate the hijacking quickly. Therefore, in addition to improving the hijacking detection accuracy, how to effectively mitigate the negative impact of the detected hijacking is also important, especially when there are no other direct methods to eliminate the malicious routes.

The work [18] proposed a new method for mitigating BGP prefix hijacking (we call it outsourcing mitigation). In outsourcing mitigation, the mitigator (AS) attracts misdirected traffic by announcing the hijacked prefix, then redirects the hijacked traffic to the victim. This method is capable of efficiently mitigating the impact of hijacking incidents and does not need large-scale cooperation between ASes [18] or disaggregate the hijacked prefix. It only requires the agreement between the victim whose prefix is hijacked and the mitigator who does the mitigating action. The mitigation effectiveness of outsourcing mitigation is affected by the selection of mitigators who perform the traffic redirection because different ASes acting as mitigators will attract different numbers of ASes to accept their routes instead of the attackers’ routes. For example, we have done a simple experiment, in which AS-33657 is the hijacker and hijacks the prefix of AS-398373. In this hijack event, around 96% ASes accepted the wrong route announced by the hijacker. If AS-20940 is selected as the mitigator, the number of ASes accepting the wrong route can be reduced to around 4.7%. However, if AS-174 is selected as the mitigator, the percentage can only be reduced to around 80%. Therefore, the mitigator deployment is crucial for maximizing the effect of outsourcing mitigation. However, the traditional way such as selecting the neighbor of the origin AS to mitigate [19] cannot guarantee the effectiveness of mitigation.

In this paper, we study the deployment problem of outsourcing mitigation, and propose a metric to quantify the mitigation effectiveness of mitigators. To further analyze the effectiveness, we propose a mitigator selection strategy named ARS to help select ASes with high mitigation effectiveness, and conduct extensive analysis to study different factors affecting the mitigation ability of different mitigators. Except for the BGP prefix hijacking, we also study the effectiveness of outsourcing mitigation in mitigating route leaks. To our knowledge, this paper is the first to comprehensively study the deployment of outsourcing mitigation by evaluating the mitigation effectiveness of different ASes from the perspective of network topology.

Our main contributions are summarized as follows: first, a new metric for evaluating the mitigation effectiveness of the hijack-mitigation simulation is proposed. Then, a mitigator selection strategy called ARS is proposed to help filter out ASes with high mitigation effectiveness. After that, different characteristics of ASes that influence the mitigation effectiveness (i.e., AS types, providers, degree, region) are analyzed and different deployment strategies including ARS are evaluated using the proposed evaluation metric. The relationships between the mitigator and hijacker/victim are also investigated. The results show that providers of ASes play a crucial role in mitigating BGP prefix hijacking. The ASes with many Tier-1 providers or high tier providers are more likely to achieve high mitigation effectiveness than Tier-1 ASes. The results also show that ARS can put ASes with a high potential of mitigation ability in front.

The remainder of this paper is organized as follows. The overview of the outsourcing mitigation is presented in Section 2. Section 3 introduces the methodology of this paper, including the BGP hijack-mitigation model, the evaluation of mitigation effectiveness, the definition of ARS, and the simulation setup. Section 4 analyzes mitigation effectiveness with different AS types, AS metrics, and regions. Following that, Section 5 illustrates important findings from the analysis. Section 6 extends the outsourcing mitigation to route leak mitigation and introduces the route leak mitigation details and evaluation results. The related work and conclusions are shown in Section 7 and Section 8 respectively.

2. Background: Outsourcing mitigation overview

The outsourcing mitigation aims at attracting and redirecting the hijacked traffic to the victim (origin AS). The AS providing outsourcing mitigation service is called mitigator. When the mitigator receives a mitigation request from its client, it then purges its malicious routes about the hijacked prefix and announces this prefix. After the mitigator receives the hijacked traffic, it has two ways to redirect the traffic to the victim [18]. The first way is to send hijacked traffic to the victim through tunnels. The second way is redirecting the traffic through direct peering links which can be achieved by an IXP [20]. However, it also limits the positions of the mitigator.

To better show the importance of selecting mitigators, Fig. 1 illustrates an example of hijack and mitigation scenarios, where AS-1 is the false origin that hijacks prefix 1.2.3.0/24 owned by AS-8. There are two types of relationships between ASes, customer–provider and peer–peer, which are marked as gray arrows and gray straight lines in Fig. 1 respectively. For instance, the relationship between AS-8 and AS-4 is the customer–provider relationship, where AS-8 is a customer of AS-4 and AS-4 is a provider of AS-8. The ASes prefer routes learned from their customers, then peers and last providers. The detail about the routing policy included in this example will be discussed later in Section 3.1. In Fig. 1(a), AS-2, AS-5, AS-6, and AS-7 accept the malicious route and are referred to as polluted ASes. Different ASes can bring different mitigation performances when they serve as the mitigator. Fig. 1(b) and 1(c) illustrate two hijack-mitigation scenarios using AS-2 and AS-5 as the mitigator respectively. If selecting AS-2 as the mitigator, the number of polluted ASes is 3. If selecting AS-5 as the mitigator, the number of polluted ASes is reduced to 1. Therefore, AS-5 is better at mitigating hijacking than AS-2 in this case.

Outsourcing mitigation against prefix hijacking has benefits, but it also has several concerns. (1) One concern is that the mitigators may announce prefixes that they do not own. Therefore, the mitigation behavior seems like a malicious prefix hijacking. However, the behavior is benign in fact, since the big difference between prefix hijacking and outsourcing mitigation is that the misdirected traffic caused by the mitigator is completely redirected to the victim without being intercepted or forged. (2) Therefore, there is a trust issue in the practical application, since the victim ASes have to believe the mitigation behavior of the mitigators is reliable, and the mitigators must check whether the hijacked prefixes actually belong to the victims before providing mitigation services. (3) It is possible that the hijacked traffic attracted is huge, which may cause the mitigator to collapse under the unexpected load. Thus, the selected ASes should be capable of coping with a large amount of hijacked traffic without a single point of failure. Analyzing the ability to handle traffic of different ASes is beyond the scope of this study. Instead, we focus on analyzing mitigation effectiveness based on topology information.

As mentioned above, outsourcing mitigation has its pros and cons. In this paper, we aim to provide advice on how to choose appropriate mitigators for the hijacking, and to learn more about the mitigator to build a bridge of trust, rather than directly solving these concerns. Therefore, in order to observe in-depth which characteristics are related to the selection of mitigators, a statistical metric for evaluating mitigation effectiveness is proposed. In terms of the evaluation metric, different aspects of mitigators are analyzed, such as the type of ASes according to their business service and tiers, graph features like degree and core number, AS business relationship, and region distribution. By analyzing these characteristics, we can better understand the outsourcing mitigation.


Fig. 1. Example of hijack scenario and mitigating hijacking using different ASes as mitigator.

Fig. 2. Methodology structure.

3. Methodology

In this section, we introduce the methodology for evaluating the effectiveness of outsourcing mitigation. The structure of the methodology is outlined in Fig. 2. Because it is difficult and risky to do a large-scale mitigation simulation in the real network (e.g., it may affect the normal routing of the Internet), similar to [13,21–23], a suitable BGP routing model for simulating prefix hijacking and mitigating behaviors is built. The built model has over 70,000 ASes, so to improve the efficiency of the evaluation and better focus on those with high mitigation effectiveness, we have removed some ASes that have low connectivity and are unlikely to become mitigators.

From the analysis on the BGP routing policy, we assume that the mitigation effectiveness is related to the performance of routing announcement reachability. To demonstrate our assumption, a mitigator selection strategy ARS based on characterizing the reachability of a mitigator’s routing announcements is proposed.

Following that, a new evaluation metric for quantifying the mitigation effectiveness of the simulation is introduced. Based on the simulation and evaluation, we have analyzed different characteristics of ASes on influencing mitigation and compared the results of different selection strategies, which will be discussed in Section 4. The notations and parameters used in our methodology are summarized in Tables 1 and 2.

3.1. BGP routing model

To simulate the prefix hijacking and mitigation, we briefly model the network as an AS-level graph. As shown below, the modeling process has four parts, including the construction of AS-level topology, the routing policy of BGP, the selection algorithm for mitigation candidates, and how to simulate the hijacking and mitigation behaviors using the routing model.

AS-Level topology. The graph is constructed using the AS relationship dataset collected from CAIDA [24] and Problink [25], which is mainly inferred from the BGP table snapshots collected by public measurement points at Route Views and RIPE RIS. In the AS relationship dataset, each connection between two ASes has a business relationship [26]: customer–provider, provider–customer, or peer–peer. In a customer–provider relationship, the customer pays its provider for reaching the rest of the network [27]. In a peer–peer relationship, the two ASes offer each other free transit service for their own routes or routes from their customers. We briefly represent the AS relationship dataset as a directed AS-level graph $G = (V, E)$, in which $V$ denotes the AS set and $E$ denotes connections between ASes with the label of business relationship. The route is a sequence of ASes with a target prefix.

Routing policy. A well-known AS business relationship model, the Gao–Rexford model [28], is used to simulate the BGP routing policy. First, we assume that all ASes in the graph $G$ obey the valley-free rule [26]. That is, the route learned from their providers or peers can only be announced to their customers, and the route learned from their customers can be announced to their providers, peers, and customers. Therefore, when an AS receives multiple routes targeting the same prefix, the routing decision process is as follows:

• Local Preference (LP) - First, ASes prefer routes from customers, then peers, and last providers.
• Path Length (PL) - Second, ASes prefer shorter paths.

If an AS receives multiple routes from its neighbors, it will first rank them according to their local preferences, then according to their path lengths. After executing the LP and PL policies, there may be multiple equally preferred paths with the same local preference and path length. So, let $g(v, d, x)$ be the number of equally preferred paths from node $v$ to prefix $x$ through origin node $d$ and let $g'(v, x)$ be the total number of equally preferred paths from $v$ to prefix $x$.


Table 1
List of part of definitions used in the attacking and mitigation scenarios.

| Notation | Description |
|---|---|
| origin | The AS originates the target prefix as its own. |
| victim/true origin | The legal AS owner of the target prefix. |
| hijacker/attacker/false origin | The AS that illegally originates the target prefix as its own. |
| mitigator | The AS that is used to mitigate the hijacking by announcing the target prefix and redirect the attracted traffic to the true origin. |
| mitigated AS | The AS that was attracted by the mitigator and accepted the route announced by the mitigator. |
| destination | In the simulation, it is the target prefix. |
| polluted ASes in prefix hijacking | ASes that accepted the wrong route announced by the hijacker. |

Table 2
List of parameters used.

| Parameter | Description |
|---|---|
| $G(V, E)$ | $G$ is the AS level graph, where $V$ is the AS set and $E$ is the edge set. |
| $M$ | The mitigation candidate set, $M \subset V$. |
| $x$ | The target prefix. |
| $d$ | The origin node of the target prefix $x$, $d \in V$. |
| $a$ | The attacker $a \in V$. In hijacks, it is false origin (or hijacker); in route leaks, it is leaker. |
| $t$ | The true origin of the target prefix, $t \in V$. |
| $g(v, d, x)$ | The number of equally preferred paths from node $v$ to the target prefix $x$ through origin node $d$, $v \in V$. |
| $g(v, a, x)$ | The number of equally preferred paths from node $v$ to the target prefix $x$ through false origin $a$, $v \in V$. |
| $g(v, t, x)$ | The number of equally preferred paths from node $v$ to the target prefix $x$ through true origin $t$, $v \in V$. |
| $g'(v, x)$ | The total number of equally preferred paths from node $v$ to the target prefix $x$. |
| $\theta(v, x)$, $\theta'(v, x)$ | The polluted rate of an AS in a hijacking event before and after the mitigation respectively. |
| $\lvert A \rvert$ | The number of hijacking events. |
| $hops(d, h)$ | The number of nodes reaching the origin node $d$ with $h$ hops. |
| $\lvert C \rvert$ | The number of nodes who cannot reach the origin node $d$, $C \subset V$. |

Mitigation candidates. The outsourcing mitigation can be seen as a competition, where mitigators and attackers compete to persuade other ASes to accept their own routing announcements. Therefore, the ASes with higher mitigation might be more resilient to hijacking. That is, their prefixes are hard to be hijacked [23]. Accordingly, based on the results of [23] that ASes with more Tier-1 ASes or other big ISPs as providers are more resilient to hijacking, we propose a method that filters out a subset of ASes with the highest likelihood of mitigation as mitigation candidates, which are denoted as $M$.

Algorithm 1 Computing Mitigation Candidates
    Group ASes into 4 tiers: clique, high_tier, low_tier, stub_tier
    Mitigation candidates M ← ∅
    M ← M ∪ clique ∪ high_tier
    for AS v ∈ low_tier ∪ stub_tier do
        if v ∉ M and v has more than one provider in clique or high_tier then
            M ← M ∪ {v}
        end if
    end for

Algorithm 1 shows the filtering procedure and the details are as follows. First, ASes in the graph are categorized into four types [29]: clique, high tier, low tier, stub tier (note that clique contains all ASes in Tier-1). The candidates $M$ start with ASes in the clique and high tier since they have rich connections. The ASes in the low tier and stub tier that have more than one clique or high tier provider are also added to the candidate set. In this way, ASes with low connectivity that are unlikely to have high mitigation effectiveness can be removed.

Hijacking and mitigating simulation. The simulation mainly focuses on the exact prefix hijacking, where the attacker hijacks the prefix announced by the true origin AS (victim). The BGP simulator proposed in [22] is used for computing equally preferred paths under the above routing policy. But different from work in [22] that uses AS nodes as the destination and computes paths from the source AS to the destination AS, in the simulation, we use the prefix as the destination and aim to compute all equally preferred paths from all the source ASes to the destination prefix. When an AS announces a prefix, assume the AS has a provider–customer relationship with the prefix. For example, in a hijacking scenario, the victim and the attacker both announce the target prefix, so the target prefix has two providers (the victim and the attacker). In a mitigation scenario, the victim, attacker, and mitigator all announce the target prefix, so the target prefix has three providers (the victim, attacker, and mitigator). Based on the last hop of the target prefix, we can determine whether the source AS reached the target prefix through the hijacker, victim, or mitigator. In this way, the hijacking and mitigating of prefixes can be simulated.

Taking Fig. 1(b) for example, the destination is prefix 1.2.3.0/24. The preferred path from AS-3 to the prefix 1.2.3.0/24 is (AS-3, AS-4, 1.2.3.0/24) and the last hop of the target prefix is true origin AS-4, which means AS-3 is not polluted. The preferred path from AS-7 to the prefix 1.2.3.0/24 is (AS-7, AS-6, AS-5, AS-1, 1.2.3.0/24) and the last hop of the target prefix is false origin AS-1, so the AS-7 is polluted. Similarly, in Fig. 1(c), the last hop of AS-6 and AS-7 is mitigator AS-5, so the AS-6 and AS-7 are mitigated by AS-5 (please note that the mitigator will eventually redirect the traffic of AS-6 and AS-7 to true origin AS-1).

The key of the hijacking and mitigation simulation based on [22] is to build a routing tree $T$, which contains all equally preferred next hops for each node to reach the target prefix $x$. By using these next hops in $T$ we can obtain the equally preferred paths from every node to the target prefix and then determine which ASes are polluted. To better understand the computation, the building procedure of $T$ can be divided into three parts. In each part, a certain relationship type of AS links is used to build a partial BFS routing tree. The detail of building the partial BFS routing tree is shown in Algorithm 2. The entire process of using Algorithm 2 to build the routing tree $T$ is shown in Algorithm 3.


Algorithm 2 BFS-Routing
    Input: stage i, relationships R, routing tree T, target prefix x.
    Output: new routing tree T′
    /* Init variable Q, visited, level, T′ */
    visited ← ∅, level ← ∅, T′ ← T, InitQueue(Q)
    Q.enqueue(x) /* Inserting x in queue Q */
    while Q is not empty do
        u ← Q.dequeue() /* Removing the element from Q */
        for n in R_u and n ∉ visited do
            if i = 1 then
                c ← ((n not in level) or (n in level and level_n = level_u))
            else
                c ← (n ∉ T) and ((n not in level) or (n in level and level_n ≠ level_u + 1))
            end if
            if c = True then
                Q.enqueue(n), level_n ← level_u + 1, T′_n ← T′_n ∪ u.
                /* T′_n denotes equally preferred nexthops of n to reach x */
            end if
        end for
        if i = 2 then
            for n ∈ T_u and n ∉ visited do
                Q.enqueue(n), level_n = level_u + 1
            end for
        end if
        Put u in visited
    end while
    return T′

Algorithm 3 BGP Routing Tree
    Input: link set E, target prefix x, origin nodes O
    Group links E into 3 sets in terms of business relationships: provider–customer PC, peer–peer PP, customer–provider CP.
    Routing tree T ← ∅
    for each origin node o ∈ O do
        /* Add a customer–provider relationship between x and o into CP */
        CP_x ← CP_x ∪ {o}
        /* Add a provider–customer relationship between o and x in PC */
        PC_o ← PC_o ∪ {x}
    end for
    /* Stage one: use Algorithm 2 to build tree T by using CP */
    T ← BFS-Routing(1, CP, T, x)
    /* Stage two: use Algorithm 2 to add edges into T by using PP */
    T ← BFS-Routing(2, PP, T, x)
    /* Stage three: use Algorithm 2 to add edges into T by using PC */
    T ← BFS-Routing(3, PC, T, x)
    return T

3.2. Mitigator selection strategy: ARS

We use the metric named ReachInf to characterize the routing reachability of ASes, and develop a mitigator selection strategy called ARS by ranking ReachInf. The objective of ARS is to expose as many ASes with high mitigation effectiveness as possible.

AS reachability influence (ReachInf). From the BGP routing policy in Section 3.1 we can see that, if an AS is mitigated, it is usually because the mitigator has a shorter path or a higher local preference to the target prefix. We assume ASes are mitigated more due to shorter paths than due to the higher local preference. So, ASes who can reach as many ASes with shorter paths might have high mitigation effectiveness. Based on this assumption, the metric ReachInf is defined as follows:

$$ReachInf(d) = \frac{\sum_{h} hops(d, h) \cdot \frac{1}{h}}{|C|} \tag{1}$$

where $hops(d, h)$ is the number of nodes reaching the origin node $d$ with $h$ hops, and $|C|$ is the number of nodes who cannot reach the origin node $d$. $ReachInf(d)$ is the AS reachability influence of the node $d$ and guarantees that the longer path has lower importance.

Algorithm 4 ARS
    Input: G = (V, E)
    Output: Ranking
    Ranking = ∅
    for ∀d ∈ V do
        C = ∅
        s = 0
        for ∀v ∈ V − {d} do
            Calculate the path from v to d using [22]
            if v can reach the d with h hops and h > 0 then
                s ← s + 1/h
            else
                C ← C ∪ {v}
            end if
        end for
        ReachInf(d) = s / |C|
        Ranking ← Ranking ∪ {ReachInf(d)}
    end for
    Sort Ranking from high to low

AS reachability influence selection (ARS). The ARS is a strategy using the metric ReachInf for selecting mitigators. The detail about the ARS is shown in Algorithm 4. First, for every node $d$ in $V$, calculate the equally preferred paths from other nodes to $d$. Then, count the number of nodes that cannot reach $d$ and sum $\frac{1}{h}$ over the nodes that can reach $d$ with $h > 0$ hops. By using Eq. (1), the value of $ReachInf(d)$ for all nodes in the graph can be obtained and then the selecting results of ARS can be obtained by sorting these values.

3.3. Mitigation evaluation

As discussed in the previous example, different mitigator selection strategies will affect different numbers of polluted ASes. In order to evaluate the effects of mitigator selection after the simulation, a new metric Mean Reduced Pollution Rate (MP) is proposed. Before introducing the MP, we first describe the definition of pollution rate.

Pollution rate. The pollution rate is used for measuring the possibility of ASes who will accept the wrong routes announced by the hijacker. For each iteration of mitigation simulating, one hijack-mitigation triplet $(a, t, m)$ is selected to announce the given prefix where $a$ is the hijacker, $t$ is the true origin AS and $m$ is the selected mitigator. Based on the number of preferred paths passing through these three ASes respectively, the possible pollution rate of an AS $v$ denoted as $\theta'(v, x)$ after the mitigation can be calculated by the following equations:

$$g'(v, x) = g(v, a, x) + g(v, t, x) + g(v, m, x) > 0 \tag{2}$$

$$\theta'(v, x) = \frac{g(v, a, x)}{g'(v, x)} \tag{3}$$

where $g(v, a, x)$ denotes the number of equally preferred paths from node $v$ to attacker $a$ to reach prefix $x$ and $g(v, t, x)$ is the number of equally preferred paths from $v$ to true origin $t$ to reach prefix $x$. Eq. (2) guarantees that $v$ has at least one path to reach $x$.
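The LP/PL routing policy of Section 3.1 and the pollution rate of Eqs. (2)–(3), carried through on a small topology as an added Python example (it is not the authors' C++ simulator). The topology, the two hijack events and the function names `route`, `pollution`, `reduced_pollution` and `mp` are constructed for illustration; origins are modelled with path length 0 instead of attaching a prefix node, and the last two functions evaluate the reduction ratio and its mean that the paper defines as Eqs. (4)–(5).

```python
import heapq
from collections import defaultdict
from fractions import Fraction

# Constructed AS-level topology (sample data, not the paper's Fig. 1 or dataset).
P2C = [(1, 3), (1, 4), (2, 4), (2, 5), (2, 10), (3, 6), (4, 7), (5, 8), (5, 9)]  # (provider, customer)
PEERS = [(1, 2), (3, 4)]
EVENTS = [(8, 6), (9, 7)]  # constructed (hijacker a, true origin t) pairs

providers, customers, peers = defaultdict(set), defaultdict(set), defaultdict(set)
for p, c in P2C:
    customers[p].add(c)
    providers[c].add(p)
for u, v in PEERS:
    peers[u].add(v)
    peers[v].add(u)
NODES = set(providers) | set(customers) | set(peers)


def merge(dst, src):
    """Add the per-origin path counts of a next hop to those of an AS."""
    for origin, n in src.items():
        dst[origin] = dst.get(origin, 0) + n


def route(origins):
    """Return {v: {origin: g(v, origin, x)}} under LP (customer > peer > provider), then PL."""
    length = {o: 0 for o in origins}
    count = {o: {o: 1} for o in origins}
    # Stage 1: customer-learned routes climb customer->provider links, level by level.
    frontier, h = set(origins), 0
    while frontier:
        h += 1
        nxt = {}
        for u in frontier:
            for p in providers[u]:
                if p not in length:  # routed at an earlier level means a shorter path
                    merge(nxt.setdefault(p, {}), count[u])
        for p, c in nxt.items():
            length[p], count[p] = h, c
        frontier = set(nxt)
    # Stage 2: ASes without a customer route take the shortest route a peer exports
    # (valley-free: peers export only their own or customer-learned routes).
    cust = dict(length)
    for v in NODES - set(cust):
        offers = [cust[u] + 1 for u in peers[v] if u in cust]
        if offers:
            length[v], count[v] = min(offers), {}
            for u in peers[v]:
                if u in cust and cust[u] + 1 == length[v]:
                    merge(count[v], count[u])
    # Stage 3: remaining ASes learn from providers, which export their best route.
    heap, down = [(l, v) for v, l in length.items()], set()
    heapq.heapify(heap)
    while heap:
        l, u = heapq.heappop(heap)
        for c in customers[u]:
            if c not in length:
                length[c], count[c] = l + 1, dict(count[u])
                down.add(c)
                heapq.heappush(heap, (l + 1, c))
            elif c in down and length[c] == l + 1:  # equally preferred provider route
                merge(count[c], count[u])
    return count


def pollution(origins, attacker):
    """Eqs. (2)-(3): g(v, a, x) / g'(v, x) for every routed AS that is not an origin."""
    return {v: Fraction(c.get(attacker, 0), sum(c.values()))
            for v, c in route(origins).items() if v not in origins}


def reduced_pollution(a, t, m):
    """Eq. (4); assumes the hijack pollutes at least one AS before mitigation."""
    before = sum(pollution({a, t}, a).values())
    after = sum(pollution({a, t, m}, a).values())
    return 1 - after / before


def mp(m, events):
    """Eq. (5): mean reduced pollution rate of mitigator m over the events."""
    return sum(reduced_pollution(a, t, m) for a, t in events) / len(events)


if __name__ == "__main__":
    for m in (1, 3, 4, 10):  # constructed candidate mitigators
        print(f"AS-{m}: MP = {float(mp(m, EVENTS)):.3f}")
```

On this constructed topology AS-1, which has no providers, and AS-3 both score an MP of 0, while AS-4 (two providers) and AS-10 each score 5/12.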


Mean reduced pollution rate (MP). The MP is used to measure the mitigation effectiveness of mitigators. Let $A$ be the attacker–victim set and $S$ be the node set that can reach prefix $x$. The MP of mitigator $m$ denoted as $MP(m)$ is defined as follows:

$$\bar{\theta}_{m,a,t} = 1 - \frac{\sum_{v \in S - \{a,t,m\}} \theta'(v, x)}{\sum_{v \in S - \{a,t\}} \theta(v, x)} \tag{4}$$

$$MP(m) = \frac{\sum_{(a,t) \in A} \bar{\theta}_{m,a,t}}{|A|} \tag{5}$$

where $\theta(v, x)$ and $\theta'(v, x)$ are the pollution rate before and after the mitigation respectively. $|A|$ is the number of hijacking incidents. The high MP means high mitigation effectiveness. Therefore, the goal of mitigator selection strategies can be transformed into filtering out as many ASes that have a high MP as possible.

3.4. Simulation setup

In this subsection, we give a summary of simulation setup. The BGP simulation framework used in this paper is introduced in Section 3.1. The simulation for computing equally preferred paths is shown in Algorithm 3 and is implemented by C++. The experiments are conducted on a server with 48 CPUs: Intel(R) Xeon(R) Silver 4214 CPU 2.20 GHz, Memory: 64 GB, and OS: Ubuntu 20.10. The detail of simulation procedure is shown as follows:

• AS-level topology construction. An AS-level graph is constructed by using historical BGP data in November 2020 collected from the CAIDA Relationship dataset [24] and Problink dataset [25]. The CAIDA Relationship dataset is generated from the public BGP routing data, Ark traceroute data, and multilateral peering [30]. The Problink dataset reveals more complex relationships than the CAIDA Relationship dataset and it is used as a supplement to the CAIDA in the simulation. The constructed graph consists of 70,661 ASes and 454,690 AS links. Each AS link is labeled with a business relationship type using the relationship dataset mentioned above.
• Mitigation candidate AS set selection. Using the filtering algorithm in Algorithm 1 to obtain a mitigation candidate set with a size of 20,486.
• Hijacking event deployment. The hijacking events used in the simulation are from BGPstream possible hijack reports [31,32]. We collected 1,855 hijack incidents from December 2019 to December 2020. Each hijacking event includes a hijacker AS, a victim AS, and a target prefix. The hijacker AS and victim AS both announce that they can directly reach the target prefix.
• Mitigator evaluation. Using selecting strategies (e.g., ARS, selecting an AS with the most number of providers, etc.) to select an AS from the mitigation candidate set as the mitigator to

4.1. Mitigation effectiveness with AS types

In this subsection, we explore mitigation effectiveness of different AS types. There are two kinds of AS types considered, AS business type and AS tier type.

AS business type. The AS business types are categorized based on the business services ASes provide, which include the following three categories [33]: Content, Transit/Access, and Enterprise. To explore which business types may have high mitigation effectiveness, Fig. 3(a) shows the MP distribution (CDF) of different AS business types. The results show that the Content performs better than both Transit/Access and Enterprise in the MP. One of the reasons for this observation is that Content providers are expanding their network infrastructures due to the Internet flattening and connect more networks to enrich their network reachability [34], which also makes them occupy a decisive position in mitigation effectiveness. Large Content Providers like Akamai (AS-20940) and Cloudflare (AS-13335) even rank in the top two of the MP.

AS tier type. As previously introduced in Section 3.1, there are three AS tier types: clique, high tier, low tier, and stub tier. Fig. 3(b) illustrates the MP distribution (CDF) of different tiers. The results show that ASes of the high tier have higher mitigation effectiveness than those of other tiers. Around 60% of high tier ASes have more than 0.4 MP value. Moreover, we note that the ASes in the clique are not suitable for providing mitigation services due to their poor performance in the MP (e.g., all ASes in Clique have less than 0.3 MP value).

4.2. Mitigation effectiveness with AS metrics

In this subsection, we shift focus to the comparison of mitigation effectiveness with different AS metrics: graph metrics (degree, core number), AS business relationship metrics (customer cone size, provider, Tier-1 provider), and ReachInf. To get a perspective on the relationship between these AS metrics and mitigation effectiveness, we analyze the top 100 ASes (denoted as Top100) that have the highest MP value in the mitigation candidate set. Fig. 4 shows the value of these metrics in the Top100 where Perc(X,q) returns the q-th percentile of the data X [35]. For example, Perc(Core number, 50) is the average core number of ASes in the mitigation candidate set.

(1) Core number. In a k-core subgraph, all nodes have more than k degrees. If a node is in a k-core subgraph but not in (k+1)-core subgraph, then its core number is k. The core number can represent the
density of a graph. The results in Fig. 4(a) show that only 14% of ASes
mitigate the hijacking event. In the mitigation, the mitigator
have the largest core number and the core number has no significant
also announces that it can directly reach the target prefix of the
relationship with mitigation effectiveness in the Top100 list. The ASes
hijacking event. Then, we compute the equally preferred paths of
in the Top100 are all larger than the 50th percentile of core number and
each AS to reach the target prefix. Repeat the mitigation for every
hijacking event. Finally, we can compute the MP of the mitigator most of them (67%) are larger than the 90th percentile. Additionally,
using Eq. (5) to evaluate its mitigation effectiveness. it indicates that ASes with the high mitigation abilities may not be in
the core of the Internet but may have a larger core number than 90%
4. Characterizing mitigation effectiveness of ASes.

(2) Degree. The degree is a simple metric that measures the number of
In this section, we conduct extensive experiments for capturing
connections between nodes. It does not consider the business relation-
more features of ASes with high mitigation effectiveness: (1) First, we
explore the mitigation effectiveness of different AS types including AS ships of AS neighbors. Fig. 4(b) shows that all ASes from the Top100
business types and AS tier types. (2) Second, several metrics used to have a higher degree than the average. But these spikes in the figure
measure the importance of ASes (e.g., core number, degree, provider, also show that a higher degree does not always mean higher mitigation
ReachInf ) are analyzed, and then their relevant selection strategies are effectiveness. For example, AS-6939 and AS-24482 both have more
compared in the performance of mitigation. Through this analysis, we than 4000 degrees, but they are not in the Top100. Besides, 31%
can have a better understanding of how different metrics affect the of ASes in the Top100 have lower degrees than 90% of ASes in the
mitigation effectiveness. (3) After that, we study how the mitigation mitigation candidate set. Therefore, the degree metric can provide some
effectiveness varies by region. references but still cannot filter AS with a high MP value very well.


Fig. 3. Mitigation effectiveness in different AS types.

Fig. 4. Different metrics in the Top100 where Perc(X, q) returns the q-th percentile of the X.

(3) Customer cone size. The customer cone size data is collected from CAIDA [36], which describes the influence of an AS through customer networks. Fig. 4(c) shows the customer cone size of the Top100. It can be seen that the customer cone size does not strongly relate to the mitigation effectiveness. One possible reason for this observation is that the routes from providers are in the lowest local preference, which makes mitigation very difficult to go on.

(4) Providers. The routes from customers have the highest local preference, which makes ASes with a large number of providers more likely to spread their routes to other ASes. Fig. 4(d) shows the number of providers in the Top100. From the results we can see that the number of providers of all ASes in the Top100 exceeds the average. AS-20940 and AS-13335 are the two ASes with the largest number of providers, and they have over 100 providers each. It can be seen that the number of providers is closely related to MP value, that is, MP increases with the number of providers.

(5) Tier-1 providers. According to observations made in [23], ASes with more Tier-1 providers are more likely to have strong attacking abilities. Attacking power can also be considered as a mitigating ability. Thus, the number of Tier-1 providers of ASes is analyzed. The Tier-1 ASes can provide their customers with as many opportunities as possible to reach other ASes. Fig. 4(e) shows the number of Tier-1 providers in the Top100. About 97% of ASes in the Top100 are above average and 75% of ASes own more than 3 Tier-1 providers. There are 3 ASes without Tier-1 providers, namely AS-134176, AS-60592, and AS-134526, of which AS-134176 and AS-134526 are both from the same country. Even though they are not customers of Tier-1 ASes, they have many providers in the Top100; for example, AS-60592 has 3 providers in the Top100 and AS-134176 even has 5 providers in the top 30 of Top100. Therefore, it can be deduced that connecting to ASes with a high MP value might enhance an AS's mitigation capability.

(6) ReachInf. The ReachInf defined in Section 3.2 is proposed to measure the mitigation ability. The ASes that can spread their routes to more other ASes with short distances might have a high ReachInf value. Fig. 4(f) shows that the ReachInf value of all ASes in the Top100 is much higher than the top 90% of ASes in mitigation candidates. Moreover, compared with the results in Fig. 4(d), ReachInf shows a clearer decreasing trend with the decreasing of MP.

Combined with the results in Fig. 4, it can be concluded that among these metrics, the majority of ASes in the Top100 are above the average and the ReachInf has the strongest relationship with mitigation effectiveness compared with other metrics. In order to show the relationship more clearly, Fig. 5(f) shows the linear regression model fit of different metrics in the Top100. In addition, we calculate the Pearson correlation coefficients between these metrics and MP. The results are shown in Table 3. The Pearson correlation coefficient measures the degree of correlation between two variables and its value ranges from −1 to 1. According to the results, ReachInf has a higher correlation coefficient than Providers.

Fig. 5. The linear regression model fit of different metrics in the Top100.

Table 3
The Pearson correlation coefficients of different metrics and mitigation effectiveness in the Top100.
Metric Y | Pearson correlation coefficient 𝜌(𝑀𝑃, 𝑌)
Core number | 0.2598
Customer cone size | −0.0017
Degree | 0.1808
Providers | 0.5679
Tier-1 providers | 0.1339
ReachInf | 0.7934

Comparison of different mitigator selection strategies. To further assess the impacts of the above metrics on mitigation effectiveness, we compare the mitigator selection strategies based on these metrics to determine which metrics have the most impact on the mitigation performance. The strategies are shown below:

• Core, selecting ASes with the largest core number from the AS set 𝑉.
• AS Rank [36], selecting ASes with the largest customer cone size from the AS set 𝑉.
• Degree, selecting ASes with the largest degree from the AS set 𝑉.
• Provider, selecting ASes with the largest number of providers from the AS set 𝑉.
• Tier1-P, selecting ASes with the largest number of Tier-1 providers from the AS set 𝑉.
• ARS, selecting ASes with the largest ReachInf value from the AS set 𝑉.

Each strategy selects 100 ASes for mitigation and sorts them by MP value. The previously mentioned Top100 is used for comparing how far the results are from the optimal ones. Fig. 6 shows that the ARS strategy performs best, which demonstrates that ARS can put ASes with high mitigation effectiveness in front. The ASes with a large number of providers also perform well.

From the results in Fig. 6, no matter what strategy is selected, there are always around 30% ASes that have an MP value over 0.7. The observation demonstrates that these selection strategies can select a small part of ASes with good mitigation effectiveness. However, ideally, we expect the strategy to filter out as many ASes with high mitigation effectiveness as possible. Thus, ARS is the first best choice. However, if it is hard to calculate the ReachInf value of all ASes, the following advice learned from the above analysis is offered:

1. First, selecting ASes that own a large number of providers.
2. Second, carefully observing their providers. If their providers include many ASes from the Tier-1, high tier, or large degree list, these ASes might have high mitigation effectiveness.
3. Content providers and ASes from the high tier might have high mitigation effectiveness.

4.3. Attack message delivering using mitigators

4.4. Mitigation effectiveness with regions

To get a perspective of how the mitigation effectiveness of mitigators varies in different places of the world, we analyze the mitigation effectiveness with different regions, including continent-level and country-level analysis.

Continent-level. The mitigation data from experiments are grouped by continent. The ASes in mitigation candidates 𝑀 are from North America (NorA, 39.4%), Europe (EU, 37.5%), Asia (AS, 10.9%), South America (SA, 8.1%), Oceania (OC, 2.44%), and Africa (1.66%). The MP data are discretized into 10 levels of the same width. The mitigators with the highest MP are in MP level 10 and those with the lowest MP are in MP level 1. Fig. 7 shows the distribution of mitigation effectiveness per continent. In Fig. 7(a), the mitigators in North America and Europe see the largest number of ASes with a high MP value. It is observed from Fig. 7(b) that the peak of North America is located in the smallest MP level 3 while that of Asia is located in MP level 5 in comparison to other continents. Therefore, even though North America accounts for the largest fraction of ASes with high mitigation effectiveness, it also has a large proportion of mitigators that perform unsatisfactorily in mitigation.

Country-level. To analyze the country distribution of ASes that have high mitigation effectiveness, Fig. 8 illustrates the area distribution of the Top100. It can be seen that the United States, China, Netherlands, and Switzerland all hold an important part in the number of Top100 and the United States accounts for almost half of them.
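The metric-based strategies of Section 4.2 (Core, Degree, Provider, Tier1-P) and the Pearson comparison of Table 3 can be reproduced on any relationship file; the sketch below is an added example, not the authors' C++ code. The topology (written in the CAIDA as-rel line style `<as1>|<as2>|<rel>`), the Tier-1 set, the candidate set and the MP values are all constructed for illustration, and AS Rank and ARS are left out because they need customer cone data and the ReachInf definition of Section 3.2.

```python
"""Rank mitigation candidates by the topology metrics compared in Section 4.2."""
from collections import defaultdict
from math import sqrt

# Constructed topology in CAIDA as-rel style "<as1>|<as2>|<rel>":
# rel -1 means as1 is a provider of as2, rel 0 means the two ASes are peers.
AS_REL = """\
# constructed sample, not measurement data
1|2|0
1|10|-1
2|10|-1
1|11|-1
10|11|0
1|20|-1
2|20|-1
10|20|-1
11|20|-1
11|30|-1
10|31|-1
10|32|-1
"""
TIER1 = {1, 2}                      # assumed clique of the sample topology
CANDIDATES = [10, 11, 20, 30]       # assumed mitigation candidate set
SAMPLE_MP = {10: 0.55, 11: 0.30, 20: 0.80, 30: 0.05}   # constructed MP values


def parse_as_rel(text):
    """Return (providers, neighbors): AS -> set of provider / adjacent ASes."""
    providers, neighbors = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        as1, as2, rel = line.split("|")[:3]
        as1, as2 = int(as1), int(as2)
        neighbors[as1].add(as2)
        neighbors[as2].add(as1)
        if rel == "-1":
            providers[as2].add(as1)
    return providers, neighbors


def core_numbers(neighbors):
    """k-core decomposition: peel the lowest-degree node until none remain."""
    degree = {asn: len(adj) for asn, adj in neighbors.items()}
    remaining, core, k = set(degree), {}, 0
    while remaining:
        asn = min(remaining, key=lambda n: (degree[n], n))
        k = max(k, degree[asn])
        core[asn] = k
        remaining.remove(asn)
        for nb in neighbors[asn]:
            if nb in remaining:
                degree[nb] -= 1
    return core


def metrics(text, tier1):
    """Per-AS values for the Core, Degree, Provider and Tier1-P strategies."""
    providers, neighbors = parse_as_rel(text)
    return {
        "Core": core_numbers(neighbors),
        "Degree": {a: len(adj) for a, adj in neighbors.items()},
        "Provider": {a: len(providers[a]) for a in neighbors},
        "Tier1-P": {a: len(providers[a] & tier1) for a in neighbors},
    }


def select(metric, candidates, n):
    """Pick the n candidates with the largest metric value (ties: lower ASN)."""
    return sorted(candidates, key=lambda a: (-metric[a], a))[:n]


def pearson(xs, ys):
    """Pearson correlation coefficient of two equally long sequences."""
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var = sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys)
    return cov / sqrt(var) if var else 0.0


def compare(text=AS_REL, tier1=TIER1, candidates=CANDIDATES, mp=SAMPLE_MP, n=2):
    """For each strategy: selected ASes, their mean MP, and rho(MP, metric)."""
    report = {}
    for name, metric in metrics(text, tier1).items():
        chosen = select(metric, candidates, n)
        rho = pearson([mp[a] for a in candidates], [metric[a] for a in candidates])
        report[name] = (chosen, sum(mp[a] for a in chosen) / n, round(rho, 4))
    return report


if __name__ == "__main__":
    for name, (chosen, mean_mp, rho) in compare().items():
        print(f"{name:8s} selects {chosen}  mean MP {mean_mp:.3f}  rho {rho:+.4f}")
```

With real inputs, `SAMPLE_MP` would be replaced by the MP values produced by the mitigation simulation for each candidate.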


Fig. 6. Comparison of different mitigator selection strategies where Top100 is the top 100 ASes with the highest MP in the mitigation candidates.

Fig. 7. The mitigation effectiveness per continent. Each cell shows how many ASes each continent has in a particular MP group.

Fig. 8. The country distribution of Top100.

Fig. 9. The distribution of relation between hijacker, victim, and AS m_high, where m_high is the mitigator with the highest mitigation effectiveness in each hijacking incident. The 𝑦-axis shows the probability in each relation type to the total number of incidents.

5. Learn from mitigation incidents of hijacking

In this section, the key findings from mitigation incidents are presented to provide a deeper understanding of the relationship between the hijacker/victim and the mitigator. Besides, the hijacking-mitigation scenarios where the ASes with high mitigation effectiveness become attackers are discussed.

5.1. Cut off the main malicious routing

In some cases, the spread of malicious routes is highly dependent on one or several neighbors of the hijacker, that is, these neighbors play a vital role in malicious routing. Cutting off the main malicious routing may contribute a lot to the mitigation. For example, there is a hijacking incident (AS-202322, AS-134176) in which AS-202322 hijacks the prefix of AS-134176. By studying the malicious routes, we found that the routing of AS-202322 mainly depends on its provider AS-20473. Thus, in the experiment, AS-20473 becomes the most effective in mitigating the ASes polluted by AS-202322. Another hijacking incident (AS-51559, AS-43350) is similar to the incident (AS-202322, AS-134176). In this incident, AS-20473 is one of AS-51559's three providers and around 38.5% of polluted ASes are influenced by the malicious transit of AS-20473. In the evaluation, AS-20473 has the highest mitigation effectiveness for the hijacking incident (AS-51559, AS-43350) among the mitigation candidates.

Based on this observation, an experiment is conducted to further study the relationship between the hijacker, victim, and AS with the highest mitigation effectiveness for a hijacking incident. In each hijacking incident, there is a triplet (𝑎, 𝑣, m_high) where 𝑎 is the hijacker, 𝑣 is the victim, and m_high is the AS with the highest mitigation effectiveness for hijacking incident (𝑎, 𝑣). We count the number of hijacking incidents in which the AS m_high is a neighbor of the hijacker 𝑎 or victim 𝑣. The results show that such incidents accounted for around 55.9% of the total number of hijacking incidents.

According to the results, the m_high of around 67% of hijacking incidents is AS-20940. To reduce the bias, Fig. 9 illustrates the results considering incidents with and without m_high = AS-20940 respectively. The 𝑥-axis shows the percentage of incidents in each relationship to the total number of incidents. In the top subfigure of Fig. 9, in about 46.9% of incidents m_high is neither a neighbor of the hijacker nor a neighbor of the victim, and in around 84.3% m_high is not a neighbor of the victim. In the bottom subfigure of Fig. 9, after removing the incidents in which m_high = AS-20940, the percentage of Relation(m_high, hijacker)=IsNeighbor is much higher than that of Relation(m_high, hijacker)=IsNotNeighbor. Based on the results shown in Fig. 9, the m_high has more relationships with the hijacker than the victim. When the m_high is a neighbor of the hijacker, the possibility that the m_high is a provider of the hijacker is higher than other types of relationships. Therefore, cutting off the main malicious routing can start with selecting the provider of the hijacker as the mitigator.

Similar to the methodology used in Fig. 9, we continue to investigate the relationship between m_high and the neighbor (provider, peer, customer) of the hijacker/victim to find out whether m_high is close to the hijacker/victim. The results are shown in Fig. 10. It can be seen that if the m_high is a neighbor of the hijacker's provider, m_high and the hijacker might have the same provider. Thus, besides the provider of the hijacker, a customer of the hijacker's provider can also be effective in mitigation.

Fig. 10. The relation distribution between m_high and the provider/customer/peer of the hijacker/victim. The 𝑦-axis shows an estimate of central tendency for the probability of each relation type.

5.2. ASes with highest mitigation effectiveness

There is another important thing that should be noticed: what if an AS with high mitigation effectiveness becomes an attacker? Who can efficiently mitigate the malicious propagation? Based on this assumption, the top 3 ASes of the Top100 are selected: AS-20940, AS-13335, and AS-21859. They show a high mitigation effectiveness in the experiment results and have appeared in the list of attackers reported in the history of BGPstream possible hijacking. For example, according to the BGPstream report, AS-20940 might have hijacked a prefix of AS-61689 on February 8, 2020. So, we simulate hijacking incidents where the attacker is one of the three (AS-20940, AS-13335, AS-21859) and analyze the relative mitigation results.

Fig. 11 shows the MP of the top 100 ASes under 3 different attackers. In the cases where AS-13335 and AS-21859 are attackers, AS-20940 is always the best choice for mitigating. It can be seen that most ASes have less than 0.4 MP value under these three attackers. This observation reflects that ASes polluted by attackers with high mitigation effectiveness are hard to mitigate.

Fig. 11. The MP value in attack scenarios with given attackers.


Fig. 12. Comparison of different mitigator selection strategies in terms of mitigation effectiveness in route leak mitigation scenarios.

6. Extension: Mitigation effectiveness in route leaks

Route leak mitigation faces similar challenges to the prefix hijacking mitigation introduced earlier. The mitigation of route leaks mainly depends on manual correction after the network operators or administrators receive alerts from the detection system, e.g., the route leak detection service provided by Cloudflare [37]. In a route leak, since the propagated AS path contains a valid first set of ASes, the length of offending paths tends to be longer than the original paths. So, the outsourcing mitigation may also be available for reducing the impact of route leaks by directly announcing the target prefix. In this section, we extend the outsourcing mitigation to mitigate route leaks and study mitigation effectiveness in route leaks. First, we describe the leaking and mitigating simulation, and then give the mitigation evaluation metrics for route leaks. Last, the mitigation results are presented.

Leaking and mitigating simulation. As mentioned before, route leaks occur when the route propagation violates the agreed routing policy, which is the valley-free rule in this simulation. That is, if the attacker leaks the route learned from one of its providers or peers to another provider or peer, it is a route leak incident. The attacker is called a leaker in the route leak and the ASes accepting the wrong route are called polluted ASes. The leaking simulation is more complicated than hijacking since it needs to change the routing policy. So we customize the event-driven simulator in [38] to simulate the leaking and mitigation. In the simulator, all nodes follow the valley-free rule. If a node is a leaker, we change its original routing policy in the simulator to allow it to leak routes. In a leaking scenario, the victim announces the target prefix and the leaker leaks the learned route from its provider or peer to all other providers or peers. In a mitigation scenario, the victim and mitigator both announce the target prefix, and the leaker continues to leak the learned route. After the simulation, each AS will have a selected AS path to the target prefix. By checking whether the AS path selected by the AS violates the valley-free rule, we can determine whether the AS is polluted.

Pollution rate and MP for route leak mitigation. The pollution rate in route leak mitigation is a little different from that in hijacking mitigation since not all paths that pass through the attacker are illegitimate. Whether the path is legitimate or not depends on whether it violates the valley-free rule. Thus, we use the 𝑎 (𝑣, 𝑡, 𝑥) to denote the number of equally illegitimate preferred paths from node 𝑣 to true origin 𝑡 to reach prefix 𝑥 that violate the valley-free rule due to the attacker 𝑎. The ¬𝑎 (𝑣, 𝑡, 𝑥) denotes the number of equally legitimate preferred paths from node 𝑣 to true origin 𝑡 to reach prefix 𝑥. The 𝑎 (𝑣, 𝑚, 𝑥) and ¬𝑎 (𝑣, 𝑚, 𝑥) are the number of equally illegitimate and legitimate preferred paths from node 𝑣 to mitigator 𝑚 to reach prefix 𝑥 respectively. Therefore, the polluted rate 𝜃′(𝑣, 𝑥) for route leaks after the mitigation is defined as follows:

′ (𝑣, 𝑥) = 𝑎 (𝑣, 𝑡, 𝑥) + ¬𝑎 (𝑣, 𝑡, 𝑥) + 𝑎 (𝑣, 𝑚, 𝑥) + ¬𝑎 (𝑣, 𝑚, 𝑥)    (6)

𝜃′(𝑣, 𝑥) = [𝑎 (𝑣, 𝑡, 𝑥) + 𝑎 (𝑣, 𝑚, 𝑥)] / ′ (𝑣, 𝑥)    (7)

The MP calculation equation for route leaks is consistent with Eq. (5) while 𝐴 represents the leaking pairs of true origin and leaker (𝑡, 𝑎), and |𝐴| represents the number of leaking events.

Simulation setup. The AS-level graph remains the same as the graph in Section 3.4. The leaking events used in the simulation are from possible BGP leak reports of BGPstream [31,32]. We collected 409 route leak incidents from December 2019 to December 2020. The BGP simulator refers to the simulator in [38] introduced before and is implemented in Kotlin.

Results. The same six selection strategies (Core, AS rank, Degree, Tier1-P, Provider, ARS) introduced in Section 4.2 are used in the experiments. Each selection strategy provides 100 ASes as mitigators. For each route leak event, the mitigation simulation is performed for every mitigator selected by the selection strategies. As shown in Eqs. (6) and (7), the mitigation for route leaks is affected by the number of ASes passing through the leaked route. As a result, if paths that reach the target prefix announced by the mitigator successfully avoid passing through the leaker, it may reduce more polluted ASes than before, resulting in a positive MP. If these paths primarily pass through the leaker, it may add more polluted ASes than before, resulting in a negative MP.

From the results in Fig. 12 we can see that most of the mitigators selected by Provider and ARS have more positive MPs and fewer negative MPs than other strategies, which indicates that these two strategies can effectively select mitigators for route leaks. The bottom subfigure of Fig. 11(b) compares the results between the MP ranges of 0 and 1 captured in the top subfigure of Fig. 11(b). Around 80% of the ASes selected by ARS have more than 0.8 MP, which is better than Provider.
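The valley-free check and the polluted rate of Eqs. (6) and (7) described in Section 6 can be illustrated for a single node 𝑣 as follows; this is an added example, not the authors' Kotlin simulator. The AS numbers (documentation range), relationships and path sets are constructed, the two mitigators are hypothetical, and computing the pre-mitigation baseline as the same ratio with no mitigator paths is an assumption.

```python
"""Valley-free check and polluted rate of one node in a route-leak scenario."""

# Constructed AS numbers from the documentation range (RFC 5398).
T, A = 64496, 64497                 # true origin t and leaker a
M_GOOD, M_BAD = 64498, 64499        # two hypothetical mitigators m
P1, P2, P3, V = 64500, 64501, 64502, 64503   # transit ASes and observer v

# Constructed relationships: (provider, customer) pairs and peer pairs.
P2C = {(P1, T), (P1, M_GOOD), (P2, V), (P3, V), (P3, A)}
PEERS = {frozenset(pair) for pair in [(P1, P2), (A, T), (A, M_BAD)]}


def hop_kind(a, b):
    """Classify the hop a -> b as 'up' (to a provider), 'down' or 'peer'."""
    if (b, a) in P2C:
        return "up"
    if (a, b) in P2C:
        return "down"
    if frozenset((a, b)) in PEERS:
        return "peer"
    raise ValueError(f"no known relationship between AS{a} and AS{b}")


def first_violation(path):
    """Return the AS at which the path breaks the valley-free rule, else None.

    A valley-free path is up* peer? down*. Once a peer or down hop has been
    taken, any further up or peer hop means the AS at that point re-exported
    a provider/peer route to another provider/peer, i.e. it is the leaker.
    """
    descending = False
    for a, b in zip(path, path[1:]):
        kind = hop_kind(a, b)
        if descending and kind != "down":
            return a
        if kind != "up":
            descending = True
    return None


def polluted_rate(paths_to_origin, paths_to_mitigator=()):
    """Eq. (7): illegitimate equally preferred paths over all such paths."""
    paths = list(paths_to_origin) + list(paths_to_mitigator)
    if not paths:
        return 0.0          # node has no route to the prefix at all
    illegitimate = sum(first_violation(p) is not None for p in paths)
    return illegitimate / len(paths)


# Equally preferred paths of node v (constructed; a simulator would emit these).
TO_ORIGIN = [[V, P3, A, T],        # crosses the leaker: down to A, then peer
             [V, P2, P1, T]]       # up, peer, down: legitimate
TO_M_GOOD = [[V, P2, P1, M_GOOD]]  # avoids the leaker
TO_M_BAD = [[V, P3, A, M_BAD]]     # reaches the mitigator through the leaker


def scenario():
    """Polluted rate of v before mitigation and with each mitigator."""
    return {
        "leaker": first_violation(TO_ORIGIN[0]),
        "before": polluted_rate(TO_ORIGIN),
        "good_mitigator": polluted_rate(TO_ORIGIN, TO_M_GOOD),
        "bad_mitigator": polluted_rate(TO_ORIGIN, TO_M_BAD),
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(key, value)
```

The mitigator whose paths avoid the leaker lowers the polluted rate of 𝑣, while the one reached through the leaker raises it, which is the positive and negative MP behaviour described in the Results paragraph.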
7. Related work

Zhang et al. [10] proposed an automatic reactive mitigation mechanism to help mitigate hijacking by cleaning and correcting false routes. It selects several ASes known as lifesavers before the hijacking. When a hijacking incident is detected, all lifesavers begin to clean the malicious routes, and a promoter AS set selected from lifesavers promotes the valid route by putting ASes in AS_PATH into AS_SET. However, this mechanism needs complex cooperation with all lifesaver ASes. Tower Defense [39] studies two types of mitigation methods: reflecting, redirecting traffic to another destination, and mirroring, imitating the true destination to respond to incoming traffic. Compared with reflecting, the mirroring mitigation is harder to be widely used because it requires a copy of services on victims. Tower Defense aims at deploying prefix hijacking detection and mitigation systems. It uses several mitigation systems for one hijacking event, which is more complicated for practical application, and its greedy algorithm used for mitigation system deployment is inefficient because every time it selects a mitigation system, it needs to evaluate the mitigation impact of all other unselected ASes on the hijacking event.

ARTEMIS [18] is an automatic and real-time hijack detection and mitigation system. It uses prefix-disaggregation for mitigation or outsources mitigation to organizations that offer outsourced services. Unlike the work in [10], outsourcing mitigation does not need complex or large-scale cooperation with other networks. Therefore, compared with correcting false routes like [10], traffic redirecting like Tower Defense and ARTEMIS are more practical. However, ARTEMIS does not comprehensively analyze the mitigation effectiveness of different ASes. In order to better mitigate the prefix hijacking, it is crucial to identify properties of ASes with high mitigation effectiveness. This paper focuses on studying the impact of outsourcing mitigation from different aspects and systematically investigates the mitigation effectiveness of different ASes when they are selected as mitigators.

8. Conclusions

In this work, we analyze various factors that influence the mitigation effectiveness of ASes, such as the number of providers, Tier-1 providers, degree, core number, AS type, and region. We also proposed a metric ReachInf to measure the mitigation potentiality of ASes and a selection method named ARS to select mitigators. According to the analysis, ASes with many Tier-1 providers or high tier providers may achieve higher mitigation effectiveness than Tier-1 ASes, and ARS can filter out ASes with high mitigation effectiveness. This work contributes to a better understanding of the mitigation power of ASes and the outsourcing mitigation mechanism. In addition, ARS's success in selecting mitigators demonstrates that routes announced by mitigators with high mitigation effectiveness are more acceptable than others. Therefore, based on this capability, a notification mechanism can be designed where the mitigators are used for transporting the hijack information in the BGP community, which will be put in our future work.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgment

This work is supported by the National Key R&D Program of China (No. 2018YFB1800404).

References

[1] K. Butler, T.R. Farley, P. McDaniel, J. Rexford, A survey of BGP security issues and solutions, Proc. IEEE 98 (1) (2009) 100–122.
[2] Massive route leak causes internet slowdown, 2015, Online. https://Bgpmon.Net/Massive-Route-Leak-Cause-Internet-Slowdown/.
[3] Pakistan hijacks YouTube, 2008, Online. https://Www.Ripe.Net/Publications/News/Industry-Developments/Youtube-Hijacking-A-Ripe-Ncc-Ris-Case-Study.
[4] M. Apostolaki, A. Zohar, L. Vanbever, Hijacking bitcoin: Routing attacks on cryptocurrencies, in: 2017 IEEE Symposium on Security and Privacy (SP), IEEE, 2017, pp. 375–392.
[5] S. Kent, C. Lynn, K. Seo, Secure border gateway protocol (S-BGP), IEEE J. Sel. Areas Commun. 18 (4) (2000) 582–592.
[6] Z. Zhang, Y. Zhang, Y.C. Hu, Z.M. Mao, R. Bush, Ispy: detecting ip prefix hijacking on my own, in: Proceedings of the ACM SIGCOMM 2008 Conference on Data Communication, 2008, pp. 327–338.
[7] J. Karlin, S. Forrest, J. Rexford, Pretty good BGP: Improving BGP by cautiously adopting routes, in: Proceedings of the 2006 IEEE International Conference on Network Protocols, IEEE, 2006, pp. 290–299.
[8] M. Lepinski, S. Kent, An Infrastructure to Support Secure Internet Routing, RFC 6480, February, 2012.
[9] M. Lepinski, K. Sriram, Bgpsec protocol specification, 2017, RFC8205.
[10] Z. Zhang, Y. Zhang, Y.C. Hu, Z.M. Mao, Practical defenses against BGP prefix hijacking, in: Proceedings of the 2007 ACM CoNEXT Conference, 2007, pp. 1–12.
[11] P. Moriano, R. Hill, L.J. Camp, Using bursty announcements for detecting BGP routing anomalies, Comput. Netw. 188 (2021) 107835.
[12] P. Sermpezis, V. Kotronis, A. Dainotti, X. Dimitropoulos, A survey among network operators on BGP prefix hijacking, ACM SIGCOMM Comput. Commun. Rev. 48 (1) (2018) 64–69.
[13] A. Cohen, Y. Gilad, A. Herzberg, M. Schapira, Jumpstarting BGP security with path-end validation, in: Proceedings of the 2016 ACM SIGCOMM Conference, 2016, pp. 342–355.
[14] R. Bush, O. Maennel, M. Roughan, S. Uhlig, Internet optometry: assessing the broken glasses in internet reachability, in: Proceedings of the 9th ACM SIGCOMM Conference on Internet Measurement, 2009, pp. 242–253.
[15] C. Testart, P. Richter, A. King, A. Dainotti, D. Clark, Profiling BGP serial hijackers: capturing persistent misbehavior in the global routing table, in: Proceedings of the Internet Measurement Conference, 2019, pp. 420–434.
[16] Hijack event today by indosat, 2014, Online. http://Bgpmon.Net/Hijack-Event-Today-By-Indosat/.
[17] Large scale BGP hijack out of India, 2015, Online. https://Bgpmon.Net/Large-Scale-Bgp-Hijack-Out-of-India/.
[18] P. Sermpezis, V. Kotronis, P. Gigis, X. Dimitropoulos, D. Cicalese, A. King, A. Dainotti, ARTEMIS: NEutralizing BGP hijacking within a minute, IEEE/ACM Trans. Netw. 26 (6) (2018) 2471–2486.
[19] Artemis, an open-source tool for detecting BGP prefix hijacking in real time, 2021, Online. https://Www.Bgpartemis.Org/.
[20] B. Ager, N. Chatzis, A. Feldmann, N. Sarrar, S. Uhlig, W. Willinger, Anatomy of a large European IXP, in: Proceedings of the ACM SIGCOMM 2012 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, 2012, pp. 163–174.
[21] P. Gill, M. Schapira, S. Goldberg, Let the market drive deployment: A strategy for transitioning to bgp security, ACM SIGCOMM Comput. Commun. Rev. 41 (4) (2011) 14–25.
[22] P. Gill, M. Schapira, S. Goldberg, Modeling on quicksand: dealing with the scarcity of ground truth in interdomain routing data, ACM SIGCOMM Comput. Commun. Rev. 42 (1) (2012) 40–46.
[23] M. Lad, R. Oliveira, B. Zhang, L. Zhang, Understanding resiliency of internet topology against prefix hijack attacks, in: 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'07), IEEE, 2007, pp. 368–377.
[24] AS Relationships by CAIDA, 2020, Online. http://Www.Caida.Org/Data/As-Relationships/.
[25] Y. Jin, C. Scott, A. Dhamdhere, V. Giotsas, A. Krishnamurthy, S. Shenker, Stable and Practical AS Relationship Inference with ProbLink, in: 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI 19), 2019, pp. 581–598.
[26] L. Gao, J. Rexford, Stable internet routing without global coordination, IEEE/ACM Trans. Netw. 9 (6) (2001) 681–692.
[27] J. Karlin, S. Forrest, J. Rexford, Autonomous security for autonomous systems, Comput. Netw. 52 (15) (2008) 2908–2923.
[28] L. Gao, On inferring autonomous system relationships in the internet, IEEE/ACM Trans. Netw. 9 (6) (2001) 733–745.
[29] Z. Jin, X. Shi, Y. Yang, X. Yin, Z. Wang, J. Wu, TopoScope: Recover AS relationships from fragmentary observations, in: Proceedings of the ACM Internet Measurement Conference, 2020, pp. 266–280.


[30] V. Giotsas, S. Zhou, M. Luckie, K. Claffy, Inferring multilateral peering, in: Proceedings of the Ninth ACM Conference on Emerging Networking Experiments and Technologies, 2013, pp. 247–258.
[31] C. Orsini, A. King, D. Giordano, V. Giotsas, A. Dainotti, BGPStream: a software framework for live and historical BGP data analysis, in: Proceedings of the 2016 Internet Measurement Conference, 2016, pp. 429–444.
[32] Cisco, BGPstream, 2021, Online. http://Bgpstream.Com/.
[33] Caida AS classification, 2021, Online. https://Www.Caida.Org/Data/As-Classification/.
[34] T. Arnold, J. He, W. Jiang, M. Calder, I. Cunha, V. Giotsas, E. Katz-Bassett, Cloud provider connectivity in the flat internet, in: Proceedings of the ACM Internet Measurement Conference, 2020, pp. 230–246.
[35] Prctile function of matlab, 2021, Online. https://Www.Mathworks.Com/Help/Stats/Prctile.Html.
[36] CAIDA AS Rank, 2020, Online. http://As-Rank.Caida.Org/.
[37] D. Tuber, Protecting cloudflare customers from BGP insecurity with route leak detection, 2021, Online. https://Blog.Cloudflare.Com/Route-Leak-Detection/.
[38] D. Fialho, SS-BGP Routing simulator, 2021, Online. https://Github.Com/Ssbgp/Simulator.
[39] T. Qiu, L. Ji, D. Pei, J. Wang, J. Xu, Towerdefense: Deployment strategies for battling against ip prefix hijacking, in: The 18th IEEE International Conference on Network Protocols, IEEE, 2010, pp. 134–143.

Man Zeng received the B.E. degree from Beijing University of Posts and Telecommunications (BUPT), Beijing, China, in 2017. She is currently pursuing her Ph.D. at the School of Computer Science (National Pilot Software Engineering School), BUPT. Her interests include inter-domain security, intelligent network, software-defined networking.

Xiaohong Huang received her B.E. degree from Beijing University of Posts and Telecommunications (BUPT), Beijing, China, in 2000 and Ph.D. degree from the school of Electrical and Electronic Engineering (EEE), Nanyang Technological University, Singapore in 2005. Since 2005, Dr. Huang has joined BUPT and now she is a professor and director of Network and Information Center in School of Computer Science (National Pilot Software Engineering School) of BUPT. Dr. Huang has published more than 50 academic papers in the area of WDM optical networks, IP networks and other related fields. Her current interests are performance analysis of computer networks, service classification and so on.

Pei Zhang received his Ph.D. in Beijing University of Posts and Telecommunications, in 2012. He is now working in the School of Computer Science (National Pilot Software Engineering School), Beijing University of Posts and Telecommunications. His research concerns computer networks, network security and AI.

Dandan Li received her Ph.D. degree from Beijing University of Posts and Telecommunications (BUPT), Beijing, China, in 2017. She is currently an associate professor in the School of Computer Science (National Pilot Software Engineering School) of BUPT. Her research interests include privacy and security issues in networking applications,
classical and quantum cryptography.
