[AusNOG] Call for operator feedback on AS-to-org mapping tool (ASINT).

Taejoong (tijay) Chung tijay at cs.vt.edu
Thu Sep 18 23:51:47 AEST 2025 

Hello AusNOG.

(My apologies if you have received duplicated messages)

My name is Tijay Chung, and I am a researcher at Virginia Tech.

Our team at Virginia Tech has been building *ASINT
<https://asint.netsecurelab.org/>*, a research tool that *maps ASNs to
their operating organizations* by combining Internet-routing metadata
(WHOIS, PeeringDB, corp websites, M&A records, etc.) with
large-language-model analysis. It is conceptually similar to CAIDA's
AS2ORG, but with broader coverage. A use case is reducing false positives
in BGP hijack detection by identifying when different origin ASNs actually
belong to the same organization.

*Please try it:*

   1. AS search for AS 18733 (Microsoft and acquired ASNs):
   https://asint.netsecurelab.org/as-search/18733
   2. Organization search for Deloitte (across multiple RIRs):
   https://asint.netsecurelab.org/org-search?q=deloitte


*Why this might help:*
Systems like Cloudflare Radar flag anomalies when the origin ASN does not
match ROAs. Many of these are not hijacks but legitimate internal
re-announcements between sibling ASNs. In our dataset of 17,282 such alerts
(Jan 2023–Jul 2024), ASINT identified 1,621 cases (~9.4%) as likely
intra-org. We sampled 100 of these and contacted operators; all 32 who
replied confirmed they were internal, not hijacks.



*What we need from you:*

1. Please check your org and ASNs. If you see a correct mapping, click the
thumbs-up. If you see an error or a missing ASN, click the thumbs-down.
After that, a short comment box appears. Any details you can share are
valuable: correct legal entity name, subsidiaries, brand vs legal names,
recent M&A, reseller or DDoS-scrubbing scenarios, multi-tenant NOCs,
government or university structures, region-specific business units, joint
ventures, or anything else that explains why two ASNs should or should not
be grouped.


2. Expect errors. We know there are two classes:


   - False positives: we group ASNs under the same organization even though
   they are different.
   - Misses: we fail to group sibling ASNs that should be together.

   *If you spot either, please rate and leave a comment. We will feed your
   comments into the next LLM pipeline cycle to correct mappings and tune
   extraction rules.*

3. Any feedback is welcome: data sources we should incorporate, edge cases
that keep biting you, risk of over-merges vs under-merges, UI issues, or
better ways to present evidence. If you prefer email, reply here or write
to  our team: tijay at vt.edu, yongzhe at vt.edu, weitongli at vt.edu


We aim to complement, not replace, existing datasets and community
curation. If you maintain ground-truth lists for your org and are willing
to share pointers, that helps everyone.
If this is useful, we will report a summary of corrections learned from the
community and continue iterating.

Thanks for taking a look and for any time you can spare.

Thanks,
Tijay Chung, Associate Professor
Virginia Tech  |  Computer Science
220 Gilbert Street, Suite 4303
Blacksburg, VA 24060
(540) 231-0667| tijay at vt.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ausnog.net/pipermail/ausnog/attachments/20250918/0a4f38ec/attachment.htm>

More information about the AusNOG mailing list