MIT AI researchers devise approach to detect ‘serial BGP hijackers’


Researchers at MIT and MIT’s CSAIL AI research lab have detailed a new approach to address serial abusers of the Border Gateway Protocol (BGP), which attackers use to trick other networks into misdirecting internet traffic for snooping, phishing, or denial-of-service attacks.

The machine learning approach is detailed in a paper titled “Profiling BGP Serial Hijackers: Capturing Persistent Misbehavior in the Global Routing Table” that the researchers will present at a conference in Amsterdam later this month.  

ISPs can intentionally or inadvertently hijack BGP routing by wrongly announcing another network’s IP address blocks, causing other ISPs and internet infrastructure providers to incorrectly reroute traffic. In the past, this has led to vast amounts of traffic from Amazon, Google, and Microsoft erroneously ending up in places like Iran, China and Russia.

The MIT researchers ran a longitudinal survey of so-called “serial BGP hijackers” by looking at past instances of known and persistent bad behavior linked to Autonomous System (AS) numbers, which is how ISPs are identified in BGP route tables.

While many hijacking events are accidental and caused by misconfigurations, the researchers have explored a novel machine learning approach to identify ISPs that conduct BGP hijacking frequently over multiple years.