# ARTEMIS

ARTEMIS is a system designed to detect and mitigate BGP Hijacking , operated locally by network operators to protect their own prefixes. The system is based on several key ideas and can be found in this paper .

This works in the following way.

1. Write a configuration File: Lists all prefixes owned by the network, created by the network operator.
2. BGP Updates Mechanism: Receives updates from local routers and monitoring services.
3. Anomaly Detection: Compares received BGP updates against the configuration file to detect anomalies in prefixes and AS-PATH fields.

ARTEMIS can detect different types of BGP prefix hijacking attacks by monitoring for unusual patterns in BGP announcements.

The system aims to minimise false positives and false negatives . Operators can prioritise between accuracy and speed or opt for fewer inconsequential FNs at the cost of higher FPs.

This is achieved by

1. Prefix Deaggregation: The affected network announces more specific prefixes to counteract hijacked prefixes. For example, if a prefix 208.65.153.0/24 is hijacked, the network could announce 208.65.153.128/25 and 208.65.153.0/25.
2. Multiple Origin AS (MOAS): Third-party organisations announce the hijacked prefixes from their locations. This attracts global traffic to the third party, which scrubs it and tunnels it back to the legitimate AS.