Structural Vulnerabilities in ASRank under Adversarial Conditions

Introduction The Internet comprises over 80,000 ASes interconnected via the Border Gateway Protocol (BGP). These interconnections are governed by business relationships, primarily provider-to-customer (P2C) and peer-to-peer (P2P), which directly influence routing policies and global path selection. Since AS business relationships are not publicly disclosed, operators and researchers rely on inference algorithms to identify them from observed BGP routing data. Among these, CAIDA's ASRank algorithm is the most widely used methods that underpins CAIDA's public AS relationship dataset and has supported hundreds of scientific studies and operational tools. Despite its critical role, the security of ASRank under adversarial conditions remains largely unexplored. ASRank's inference process relies on AS triplets, which are sequences of three consecutive Autonomous Systems extracted from BGP paths, and applies a greedy ordering based on transit degree. This design introduces sensitivity to small input perturbations, which can alter inference order and lead to cascading misclassifications. The objective of this document is to highlight the security risks introduced by structural vulnerabilities in ASRank, which may allow adversaries to manipulate AS relationship inference results at scale. Given ASRank's widespread use in both operational networks and research, such manipulation can undermine the reliability of critical datasets and downstream analyses. This document also discusses the security implications of these vulnerabilities and outlines potential countermeasures. The rest of this document is structured as follows: Section 2 provides background on AS relationships and inference techniques. Section 3 presents an overview of the ASRank algorithm. Section 4 analyzes structural vulnerabilities in ASRank's inference process. Section 5 introduces a minimal manipulation example to illustrate the impact of input perturbations. Section 6 discusses the security implications of these vulnerabilities. Section 7 outlines potential mitigation strategies. Finally, Section 8 concludes the document.

Background and AS Relationship Inference ASes interconnect under business agreements that define how traffic is exchanged between them. The two primary types of AS relationships are P2C and P2P. In a P2C relationship, the provider offers transit services to the customer in exchange for payment. In a P2P relationship, two ASes exchange traffic without settlement, typically to reach each other's customers. These relationships play a central role in shaping BGP routing policies, including route selection and export behavior. However, AS relationships are generally considered proprietary and are not publicly disclosed. As a result, researchers and operators rely on inference algorithms to estimate these relationships from observed BGP routing data. Most inference methods operate on BGP paths collected from public vantage points and apply heuristic or statistical techniques to classify AS links. Among these, CAIDA's ASRank algorithm is the most widely used and influential approaches.

ASRank Overview ASRank is a multi-stage algorithm developed by CAIDA to infer AS relationships from empirical BGP routing data. It is used to generate CAIDA's public AS relationship datasets and has become a foundational tool in BGP researches and operations. The algorithm begins by sanitizing BGP paths, removing those that contain artifacts such as loops, reserved AS numbers, or Internet Exchange Points (IXPs). It then sorts ASes in descending order of transit degree, computed from counts of AS triplets observed in the data. Based on this ordering, ASRank first identifies a clique of top-level ASes and infers the corresponding P2P relationships within the clique. After filtering poisoned paths further, it infers P2C relationships in a greedy, top-down manner. During this process, newly inferred relationships serve as a basis for subsequent inferences, thereby progressively determining P2C relationships until no additional ones can be resolved. The algorithm then handles special cases, such as ASes with atypical transit patterns. Finally, any remaining unresolved links are inferred as P2P relationships. While ASRank's design enables scalable and automated inference, its reliance on triplet-based statistics and order-sensitive heuristics introduces structural vulnerabilities, which are discussed in the following sections.

Vulnerabilities in ASRank Inference A central component of ASRank's inference process is the P2C classification phase, which accounts for the majority of inferred relationships. In this phase, ASRank processes ASes in descending order of their transit degree, a metric defined as the number of distinct neighbors adjacent to an AS when it appears in the middle position of observed AS triplets (X, Y, Z). For each AS, ASRank examines relevant triplets (X, Y, Z) and applies a heuristic: if the relationship between AS X and AS Y is P2P (denoted as X - Y) or P2C (denoted as X > Y), the algorithm infers a P2C relationship AS Y > AS Z. A key characteristic of this process is its order-dependence: the relationships inferred earlier influence which triplets can trigger further inferences, shaping the final output. In practice, many ASes have similar transit degrees. As a result, even small changes in the input data can perturb the processing order, leading to different inference sequences and potentially altering the resulting AS relationships. This sensitivity introduces a structural vulnerability. Minor perturbations in the input data can trigger cascading inference changes, resulting in qualitatively different relationship graphs. In open environments where BGP data is collected from public vantage points, this behavior creates an opportunity for inference results to be influenced or manipulated without directly modifying the algorithm. These characteristics raise concerns about the robustness of ASRank in adversarial or noisy settings, especially given its widespread use in BGP researches and operations.

A Minimal Example of Manipulations Consider the following observed BGP paths, where we highlight only the contiguous AS-path segments that are relevant for inference: These paths represent a typical scenario where multiple downstream ASes are accessible through a shared chain of transit providers. ASRank initially infers a top-level clique of major transit ASes. For simplicity, we assume that M and N are part of this clique, with their mutual relationship already inferred as P2P (M-N). From these paths, ASRank extracts AS triplets and computes the transit degrees (denoted by TD). AS A appears as the middle AS in four triplets and has four distinct neighbors, yielding TD(A)=4. Similarly, TD(B)=3 and TD(C)=2, while D, E, F, and G all have a transit degree of zero. ASRank thus visits ASes in the following order: B -> C -> D -> E -> F -> G ]]> Starting with A, ASRank infers N>A from (M,N,A) as M-N is already known. It then moves to B, inferring A>B from the triplet (N,A,B), based on the previously inferred N>A. Following this sequence, ASRank infers the following P2C relationships: A, A > B, B > C, C > D, B > E, A > F, A > G} ]]> Now consider adding two additional BGP paths: Due to the new introduced AS triplets, the transit degree of D increases to TD(D)=4, surpassing that of C, whose transit degree becomes TD(C)=3. As a result, D is visited before C, resulting in the updated inference order: B -> D -> C -> ... ]]> This reordered traversal leads to a different inference chain. When visiting D, the relationship A>B has already been inferred, and (A,B,D) in path 5 therefore satisfies the heuristic and implies B>D. Later, when visiting C, (B,D,C) in path 5 together with the newly inferred B>D again matches the heuristic and implies D>C. Consequently, the final set of inferred relationships includes: A, A > B, B > D, D > C, B > C, B > E, A > F, A > G} ]]> Compared to the original outcome, C>D is replaced by D>C, and a new P2C relationship B>D is inferred.

Security Implications Because ASRank-derived datasets are widely used in both academic studies and operational tools, inaccuracies in inferred AS relationships can propagate into downstream systems, undermining the reliability of Internet measurements and topology analysis, and leading to incorrect assumptions about routing behavior and connectivity. Manipulated or unstable inferences can lead to misleading views of Internet structure and behavior. For instance, incorrect relationships may distort the AS hierarchy or misrepresent network reachability. Such errors can reduce the accuracy of systems that depend on AS relationship data for tasks like anomaly detection, route validation, and security monitoring. Moreover, inaccurate ASRank inferences can unfairly elevate an AS's perceived importance, giving it undue visibility, influence, or business advantage. This can also distort peering decisions and mislead customers.

Mitigation Considerations To address ASRank's vulnerabilities, two areas require attention: improving inference robustness and limiting the injection of forged AS paths. At the inference level, robustness can be enhanced by using organizational or business-affiliation data to flag relationships that don't align with expected economic logic. Rather than making early, fixed decisions, ASRank could analyze the full relationship graph to reduce the impact of inference order. Since forged paths may coexist with valid ones, detecting internal inconsistencies, like unexpected reversals in relationships, can help identify and verify suspicious inferences. At the routing layer, deploying path validation mechanisms can reduce the risk of forged triplets. BGPsec provides cryptographic protection for AS paths but is limited by low adoption and reduced effectiveness under partial deployment. Newer approaches like ASPA and ASRA offer more practical alternatives by verifying legitimate AS connections, though they are still in early stages and face known limitations.

Conclusion This document analyzes the structural vulnerabilities of ASRank, a widely used algorithm for inferring AS business relationships from BGP routing data. We describe how ASRank’s order-sensitive inference process can lead to unstable or incorrect relationship classifications under small input changes. A minimal example demonstrates how minor perturbations in BGP paths can trigger cascading inference shifts. These vulnerabilities raise concerns about the reliability of ASRank-derived datasets, especially in adversarial or noisy conditions. Strengthening inference robustness and deploying path validation mechanisms are essential steps toward improving the security and trustworthiness of AS relationship inference.

IANA Considerations This document includes no request to IANA.

Security Considerations The structural weaknesses in ASRank's inference process may be exploited to manipulate AS relationship outputs without altering the algorithm itself. Such manipulation can distort Internet topology views, mislead routing decisions, and undermine downstream systems that rely on inferred AS relationships. While this document does not describe specific attack strategies, it highlights the risks posed by inference sensitivity and the potential for undetected influence. Mitigation strategies are discussed in Section 7. Operators and researchers are encouraged to interpret ASRank-derived data with caution and consider complementary validation mechanisms.