Incompetents, criminals, or spies: Macroeconomic analysis of routing anomalies

Pablo Moriano, Soumya Achar, L. Jean Camp

Research output: Contribution to journal, Article, peer-review

4 Scopus citations

Abstract

Routing anomalies, beyond simple leaks, are occurring on the order of tens of thousands a year. These may be accidents, but there is anecdotal evidence that indicates criminal intent. There are case studies that illustrate the use of these for national intelligence. Any given anomaly could be an accident, a crime, or an attack. Although it is impossible to directly observe the motivation of those who generate these anomalies, aggregate data about the sources of these anomalies is available. Here we leverage tools of macroeconomics to provide insights into the possible nature of these anomalies. We offer an empirical investigation using multiple linear regression and unsupervised learning to analyze data over a four-year period in order to better understand the nature of routing anomalies. If routing anomalies are a result of limited technical competence, then countries with low levels of education, few technology exports, and less expertise should be over-represented. If routing anomalies are leveraged by criminals for profit, then economic theories and analytical approaches from criminology should show statistical significance. Or, if routing anomalies are primarily used by national intelligence agencies to attack either internal dissidents or those outside their borders, then the presence of conflict and measures of quality of governance are possible indicators. We examine anomalies as likely due to incompetence, potential ecrime, or intelligence operations using macroeconomics by leveraging three theories from criminology and global measures of technology adoption. We found that exports of technology were not statistically significant, undermining the argument for incompetence. We also found support for the possibility that anomalies are driven by crime, specifically for the guardianship and relative deprivation theories of crime. 
In addition to these findings from regression analysis, clustering indicates that civil conflict and surveillance are associated with the disproportionate origination of routing anomalies. This supports the possibility of use of routing anomalies for national intelligence.

Original language: English
Pages (from-to): 319-334
Number of pages: 16
Journal: Computers and Security
Volume: 70
State: Published - Sep 2017
Externally published: Yes

Keywords

  • BGP security
  • Clustering analysis
  • Ecrime
  • Macroeconomics
  • Prefix hijacking
  • Statistical modeling
  • Surveillance
