Abstract:In today’s Internet, it is very difficult for network operators to discover prefix hijacks in time. Considering the autonomous characteristic of the Internet inter-domain routing system, this paper provides the idea of collaborative monitoring among multiple Autonomous Systems (ASes). This paper also examines the design of a new method, named Co-Monitor that detects prefix hijacks in real-time. In Co-Monitor, every participant AS exchanges self-defined prefix-to-origin mapping information with the others, and they monitor local BGP (border gateway protocol) updates respectively. Once some participant discovers that the origin of information of a BGP route is inconsistent with the learned prefix-to-origin mapping information, it notifies relative participants immediately; thereby, Co-Monitor can help participants detect prefix hijacks quickly and effectively. This paper presents the detailed design of Co-Monitor, evaluates its detecting capabilities, and also discusses several related problems. The experimental results show that Co-Monitor, with only selected 60 participants, is accurate with 0% false negative ratio and 0% false positive ratio.