Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Learn about a novel cybersecurity detection system through this 16-minute conference presentation from USENIX Security '25. Discover how researchers from Tsinghua University and other institutions developed Ares, a groundbreaking system designed to detect sophisticated path hijacking attacks that exploit vulnerabilities in the Border Gateway Protocol (BGP). Explore the evolution of prefix hijacking from basic origin hijacking to more stealthy path hijacking techniques that manipulate AS path attributes to bypass existing detection systems. Understand how Ares addresses comprehensive path hijacking detection by analyzing observed prefix routing trees (OPRT) within autonomous systems, utilizing weighted edit distance algorithms to quantify routing tree differences, clustering mechanisms for accelerated anomaly detection, and heuristic rules for enhanced accuracy. Examine the system's impressive performance metrics, including detection of 12 real-world hijacking events within 5 minutes of occurrence, 97.2% and 99.3% detection rates for stealthy exact and sub-prefix path hijackings respectively, and a low 1.06% false positive rate while generating only 2.31 manageable suspicious alerts per hour across the entire Internet.
