The Internet, with its unprecedented success and global scale as a network of networks, depends heavily on a few fundamental technologies. One of these technologies is the Border Gateway Protocol (BGP), which glues together the independent networks of the Internet. BGP, based on a three-decade-old design, is highly susceptible to BGP prefix hijacking attacks. These attacks, which have been repeatedly covered in the news due to their critical impact in several prominent cases, persistently plague network operators and the users accessing their services, as they can render entire networks (and their services) unreachable. The resulting network outages, lasting from several hours to days, cost millions of dollars. BGP prefix hijacking events usually result from human error, but can also be malicious. Offenders can impersonate victim networks, steal sensitive information, or stealthily intercept and manipulate traffic destined to legitimate destinations.
Current approaches to defending against hijacking attacks (a) are poorly adopted, due to their high cost and low immediate benefit, or (b) rely on inaccurate detection mechanisms that generate numerous false alerts, while lacking automation. The latter results in manual and slow mitigation processes, which are presently the norm.
ARTEMIS is a new approach to defend against BGP prefix hijacking attacks that was introduced in the NetVolution project. It focuses on real-time detection and automated mitigation, relies on novel detection algorithms, and employs new technologies in order to reduce the duration of the detection/mitigation cycle from hours and days down to a few seconds. It therefore greatly reduces the cost of outages.
The PHILOS project first created a proof-of-concept implementation of ARTEMIS that was deployed and tested within real-world networks. Second, it formed a business plan for the commercialization of ARTEMIS.
The economic and societal benefits are multiple, as ARTEMIS helps to: (i) improve the availability of Internet services; (ii) reduce the economic impact of malicious attacks; (iii) increase security and privacy in the Internet; and (iv) create a new market.