On Detection of Anomalous Routing Dynamics in BGP
Abstract
BGP, the de facto inter-domain routing protocol, is the core component of current Internet infrastructure. BGP traffic deserves thorough exploration, since abnormal BGP routing dynamics could impair global Internet connectivity and stability. In this paper, two methods, signature-based detection and statistics-based detection, are designed and implemented to detect BGP anomalous routing dynamics in BGP UPDATEs. Signature-based detection utilizes a set of fixed patterns to search and identify routing anomalies. For the statistics-based detection, we devise five measures to model BGP UPDATE traffic. In the training phase, the detector is trained to learn the expected behaviors of BGP from the historical long-term BGP UPDATEs dataset. It then examines the test dataset to detect "anomalies" in the testing phase. An anomaly is flagged when the tested behavior significantly differs from the expected behaviors. We have applied these two approaches to examine the BGP data collected by RIPE-NCC servers for a number of IP prefixes. Through manual analysis, we specify possible causes of some detected anomalies. Finally, comparing the two approaches, we highlight the advantages and limitations of each. While our evaluation is still preliminary, we have demonstrated that, by combining both signature-based and statistics-based anomaly detection approaches, our system can effectively and accurately identify certain BGP events that are worthy of further investigation.
Similar resources
Detection of Interdomain Routing Anomalies Based on Higher-Order Path Analysis Camera Ready
Internet routing dynamics have been extensively studied in the past few years. However, dynamics such as interdomain Border Gateway Protocol (BGP) behavior are still poorly understood. Anomalous BGP events including misconfigurations, attacks and large-scale power failures often affect the global routing infrastructure. Thus, the ability to detect and categorize such events is extremely useful....
BGP Anomaly Detection Using Wavelet Analysis
Being the de facto standard inter-domain routing protocol, BGP's performance characteristics have a widespread, sometimes global, impact on the Internet. Anomalous BGP behavior could result in delayed path convergence, and in the worst case, network connectivity disruption. An in-depth understanding of BGP's anomalies will not only help administrators to manage the network better, but also help ...
A Framework for BGP Abnormal Events Detection
Detection of abnormal BGP events is of great importance to preserve the security and robustness of the Internet interdomain routing system. In this paper, we propose an anomaly detection framework based on machine learning techniques to identify the anomalous events by training a model for normal BGP-updates and measuring the extent of deviation from the normal model during the abnormal occasio...
BGP Behavior Monitoring and Analysis
Border Gateway Protocol, an important inter-domain routing protocol, has a number of vulnerabilities. Little is known about how BGP actually performs in today’s Internet. We designed a framework, BGP Assistant, to monitor and analyze BGP traffic. Number of BGP Updates and Route convergence time are used to characterize BGP behavior. Preliminary results with the Oregon Route Views BGP show that ...
Topology-Based Detection of Anomalous BGP Messages
The Border Gateway Protocol (BGP) is a fundamental component of the current Internet infrastructure. Due to the inherent trust relationship between peers, control of a BGP router could enable an attacker to redirect traffic allowing man-in-the-middle attacks or to launch a large-scale denial of service. It is known that BGP has weaknesses that are fundamental to the protocol design. Many soluti...
Publication date: 2004