ARTEMIS: System Description

[Figure: System Architecture]

 

ARTEMIS consists of three components: a detection, a mitigation, and a monitoring service as shown in Fig. 1.
The detection service runs continuously and combines control-plane information from the AS itself, Periscope [7] (an LG API), the streaming services of RIPE RIS [4] and BGPstream (from RIPE RIS and RouteViews) [6], as well as BGPmon [5], which return BGP routes/updates for a given list of prefixes and ASNs in (near) real time. Because multiple sources are combined, the delay of the detection phase is the minimum of the delays of these sources. The system can be parameterized (e.g., selecting LGs based on location and/or connectivity) to achieve trade-offs between monitoring overhead and detection efficiency/speed.
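The following sketch illustrates the multi-source detection described above. It is an added example, not ARTEMIS code. It assumes the detection rule is an origin-AS check against the configured list of prefixes and ASNs, and the prefix, ASNs, delivery times and function names are constructed for illustration.

```python
import ipaddress

# Constructed configuration (documentation prefix and ASN, not the tutorial's topology):
# prefixes the protected AS owns, with the origin ASNs allowed to announce them.
OWNED = {ipaddress.ip_network("192.0.2.0/24"): {64500}}

# Constructed updates as (source, delivery time in seconds, prefix, AS path).
UPDATES = [
    ("ripe-ris", 5.0, "192.0.2.0/24", [64510, 64500]),    # legitimate origin
    ("bgpmon", 38.0, "192.0.2.0/24", [64511, 64499]),     # wrong origin
    ("ripe-ris", 14.0, "192.0.2.0/25", [64510, 64499]),   # more specific, wrong origin
    ("periscope", 95.0, "192.0.2.0/24", [64509, 64499]),  # slow looking-glass poll
    ("bgpstream", 60.0, "198.51.100.0/24", [64499]),      # prefix we do not own
]

def classify(prefix, as_path):
    """Return 'exact-prefix' or 'sub-prefix' for an offending route, else None."""
    net = ipaddress.ip_network(prefix)
    for owned, origins in OWNED.items():
        if not as_path or net.version != owned.version or not net.subnet_of(owned):
            continue
        if as_path[-1] not in origins:  # origin AS is the last hop of the path
            return "exact-prefix" if net == owned else "sub-prefix"
    return None

def detect(updates):
    """Return (first alert, per-source delay of the earliest offending update)."""
    earliest = {}
    for source, t, prefix, as_path in updates:
        kind = classify(prefix, as_path)
        if kind and (source not in earliest or t < earliest[source][0]):
            earliest[source] = (t, kind, prefix, as_path[-1])
    delays = {s: e[0] for s, e in earliest.items()}
    if not earliest:
        return None, delays
    first = min(earliest, key=lambda s: earliest[s][0])
    return (first,) + earliest[first], delays

if __name__ == "__main__":
    alert, delays = detect(UPDATES)
    print("first alert:", alert)
    print("per-source delays:", delays)
```

The time of the first alert equals the smallest per-source delay, which is why adding a faster feed can only shorten detection and never lengthen it.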

 

...

The picture that follows shows the topology that is set up via the topo.py file inside the tutorial folder. The BGP speakers are Quagga routers and the route collector is an ExaBGP router running a custom script to replicate the behavior of a RIPE route collector.


[Image: Screen Shot 2017-07-13 at 2.12.25 PM.png]
  • AS65001
    Intermediate AS that consists of a BGP speaker (R1), a L2 switch, a host (H1) and an ExaBGP Route Collector (RC).

    • R1: Announces 10.0.0.0/8 and is a neighbor of AS65003 and AS65002. It also has the ExaBGP RC as an iBGP neighbor and propagates BGP update messages to it.

    • ExaBGP RC: RC connected to R1 and also to the ONOS controller on the protected AS (in the real world this connection is made through the underlying network; the only limitation is that the IP endpoint of ONOS should have a non-hijacked IP address so that the monitor can reach ONOS during the hijack).

    • H1 / 10.0.0.100: Host that communicates with the host inside the protected AS. It is used to provide a visualization of the data-plane behavior when the BGP hijack occurs.

...