Using machine learning to hunt down cybercriminals

#artificialintelligence

Hijacking IP addresses is an increasingly popular form of cyber-attack. This is done for a range of reasons, from sending spam and malware to stealing Bitcoin. It's estimated that in 2017 alone, routing incidents such as IP hijacks affected more than 10 percent of all the world's routing domains. There have been major incidents at Amazon and Google, and even ones involving nation-states: a study last year suggested that a Chinese telecom company used the approach to gather intelligence on western countries by rerouting their internet traffic through China. Existing efforts to detect IP hijacks tend to look at specific cases when they're already in progress.


How MIT researchers use machine learning to detect IP hijackings before they occur

#artificialintelligence

The internet uses routing tables to determine how and where data is sent and received. Without accurate and reliable tables, the internet would be like a highway system with no signs or signals to direct traffic to the right places. Of course, cybercriminals find a way to corrupt just about everything that makes the internet work, and routing is no exception. IP hijacking, or BGP (Border Gateway Protocol) hijacking, is an attack in which a network announces, over BGP, routes for blocks of IP addresses it is not authorized to originate; neighbouring networks that accept the announcement update their routing tables accordingly and forward traffic for those addresses toward the hijacker. The purpose is to redirect traffic on the public internet or on private business networks to the hijackers' own networks, where they can intercept, view, and even modify the packets of data.


Global Big Data Conference

#artificialintelligence

Model from the Computer Science and Artificial Intelligence Laboratory identifies "serial hijackers" of internet IP addresses. Hijacking IP addresses is an increasingly popular form of cyber-attack. This is done for a range of reasons, from sending spam and malware to stealing Bitcoin. It's estimated that in 2017 alone, routing incidents such as IP hijacks affected more than 10 percent of all the world's routing domains. There have been major incidents at Amazon and Google, and even ones involving nation-states: a study last year suggested that a Chinese telecom company used the approach to gather intelligence on western countries by rerouting their internet traffic through China.


MIT CSAIL's AI detects possible IP address hijacking

#artificialintelligence

Border Gateway Protocol (BGP), the routing protocol by which the internet's autonomous systems exchange reachability information for blocks of IP addresses, is fundamental to the internet's design. Unfortunately, it's flawed in two respects: it lacks route authentication and basic origin validation, so a router accepts whatever path and origin a neighbour announces. That makes BGP liable to cause connectivity issues in the event of misconfigurations, and worrisomely opens the door to malicious spammers, traffic interceptors, and cryptocurrency thieves. That's why researchers at MIT's Computer Science and Artificial Intelligence Lab recently conducted a study of BGP activity over the course of five years, with the goal of identifying the dominant characteristics of hijackers and how they differ from legitimate networks. The work informed a set of metrics, to which the team applied a machine-learning classifier and then evaluated how accurately it identified hijackers' patterns.
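The two snippets above describe the hijack mechanics (a network originating prefixes it does not hold) and the check BGP itself lacks (origin validation). The following is an added example, not code from the MIT/CSAIL study and not any router vendor's implementation: it applies RFC 6811-style route origin validation to a constructed BGP update feed against a constructed ROA table, flags prefixes seen with more than one origin AS, and then counts which origin ASNs keep turning up as invalid, a deliberately crude stand-in for the "serial hijacker" idea (the study's own metrics are not listed on this page). All prefixes, AS numbers and timestamps are made up; the ROA table and the feed are assumptions.

```python
"""Route origin validation over a constructed BGP update feed.

Added illustration only: not the CSAIL classifier and not a router
implementation. The ROA table and the update feed are made-up sample
data using documentation prefixes and private-use AS numbers.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: `asn` may originate `prefix` and any
    more-specific of it down to `max_length` bits."""
    prefix: "ipaddress.IPv4Network | ipaddress.IPv6Network"
    max_length: int
    asn: int


# Constructed ROA table (in practice this comes from RPKI validators).
ROAS = [
    ROA(ipaddress.ip_network("192.0.2.0/24"), 24, 64500),
    ROA(ipaddress.ip_network("198.51.100.0/24"), 25, 64501),
    ROA(ipaddress.ip_network("203.0.113.0/24"), 24, 64502),
]

# Constructed update feed: (seen_at, prefix, AS_PATH). In BGP the
# rightmost AS in the path is the claimed origin.
UPDATES = [
    (1, "192.0.2.0/24",    [64510, 64500]),         # legitimate
    (2, "198.51.100.0/25", [64511, 64501]),         # legit, within max_length
    (3, "192.0.2.128/25",  [64512, 64666]),         # more-specific hijack
    (4, "203.0.113.0/24",  [64513, 64666]),         # exact-prefix hijack
    (5, "203.0.113.0/24",  [64510, 64502]),         # the real holder
    (6, "192.0.2.0/24",    [64514, 64666, 64500]),  # forged origin: ROV cannot see it
    (7, "100.64.0.0/10",   [64515, 64520]),         # no ROA covers it
]


def validate_origin(prefix_str, origin_asn, roas=ROAS):
    """RFC 6811 states: 'valid', 'invalid' or 'not_found'."""
    prefix = ipaddress.ip_network(prefix_str)
    covering = [r for r in roas
                if r.prefix.version == prefix.version
                and prefix.subnet_of(r.prefix)]
    if not covering:
        return "not_found"          # no ROA: validation has no opinion
    for r in covering:
        if r.asn == origin_asn and prefix.prefixlen <= r.max_length:
            return "valid"
    return "invalid"                # wrong origin, or announcement too specific


def audit(updates, roas=ROAS):
    """Classify every update and report prefixes seen with more than one
    origin AS (MOAS), which is how an exact-prefix hijack shows up in a
    feed even before any ROA lookup."""
    results = []
    origins_by_prefix = {}
    for seen_at, prefix, as_path in updates:
        origin = as_path[-1]
        state = validate_origin(prefix, origin, roas)
        origins_by_prefix.setdefault(prefix, set()).add(origin)
        results.append((seen_at, prefix, origin, state))
    moas = {p for p, origins in origins_by_prefix.items() if len(origins) > 1}
    return results, moas


def suspect_origins(results):
    """Count invalid announcements per origin AS. Repeat offenders across a
    long feed are a crude stand-in for the 'serial hijacker' signal; the
    study's actual metrics are not reproduced here."""
    return Counter(origin for _, _, origin, state in results if state == "invalid")


if __name__ == "__main__":
    results, moas = audit(UPDATES)
    for seen_at, prefix, origin, state in results:
        print(f"t={seen_at} {prefix:<18} origin AS{origin} -> {state}")
    print("MOAS prefixes:", sorted(moas))
    print("invalid announcements per origin:", dict(suspect_origins(results)))
```

Updates 3 and 4 are caught as invalid and 203.0.113.0/24 is reported as MOAS, but update 6 validates cleanly because the hijacker put the legitimate origin at the end of a forged AS_PATH. Origin validation only addresses the second of the two flaws named above; catching forged paths needs path validation (BGPsec) or the kind of behavioural profiling the CSAIL work describes.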


China has been 'hijacking the vital internet backbone of western countries'

ZDNet

A Chinese state-owned telecommunications company has been "hijacking the vital internet backbone of western countries," according to an academic paper published this week by researchers from the US Naval War College and Tel Aviv University. The culprit is China Telecom, the country's third-largest telco and internet service provider (ISP), which has had a presence inside North American networks since the early 2000s, when it created its first point-of-presence (PoP). PoPs are facilities whose job is to route traffic between the smaller networks that make up the larger internet. These smaller networks are known as "autonomous systems" (AS), and they can be the networks of big tech companies like Google, your friendly neighborhood ISP, big tier-1 ISPs like Verizon, university networks, bank networks, web hosting companies, and any entity big enough to run its own network with its own block of IP addresses. Traffic travels between these AS networks with the help of the Border Gateway Protocol (BGP), which is how each AS tells the others which IP addresses it can reach.