Visual-Based Anomaly Detection for BGP Origin AS Change (OASC) Events

Authors

  • Soon Tee Teoh
  • Kwan-Liu Ma
  • Shyhtsun Felix Wu
  • Daniel Massey
  • Xiaoliang Zhao
  • Dan Pei
  • Lan Wang
  • Lixia Zhang
  • Randy Bush

Abstract

Instead of relying completely on machine intelligence in anomaly event analysis and correlation, in this paper, we take one step back and investigate the possibility of a human-interactive visual-based anomaly detection system for faults and security attacks related to the BGP (Border Gateway Protocol) routing protocol. In particular, we have built and tested a program, based on fairly simple information visualization techniques, to navigate interactively real-life BGP OASC (Origin AS Change) events. Our initial experience demonstrates that the integration of mechanic analysis and human intelligence can effectively improve the performance of anomaly detection and alert correlation. Furthermore, while a traditional representation of OASC events provides either little or no valuable information, our program can accurately identify, correlate previously unknown BGP/OASC problems, and provide network operators with a valuable high-level abstraction about the dynamics of BGP.

Similar resources

BGP Anomaly Detection Using Wavelet Analysis

Being the de facto standard inter-domain routing protocol, BGP’s performance characteristics have a widespread, sometime global, impact to the Internet. Anomalous BGP behavior could result in delayed path convergence, and in the worst case, network connectivity disruption. An in-depth understanding on BGP’s anomalies will not only help administrators to manage the network better, but also help ...

Analysis of BGP Origin AS Changes Among Brazil-Related Autonomous Systems

On the inter-domain Internet today, the address prefix origin in our BGP operations has become a major security concern. This critical problem can be stated simply as “Is the originating Autonomous System (AS) authorized to advertise the destination address prefix?” In the long term maybe we will be able to prevent this problem by applying proposed solutions such as SBGP[1] or SoBGP[2]. However...

ELISHA: A Visual-Based Anomaly Detection System for the BGP Routing Protocol

ELISHA is a human-interactive visual-based anomaly detection system for handling faults and security attacks on the BGP (Border Gateway Protocol) routing protocol. A “fully automated” anomaly detection system for analyzing and correlating unknown attacks or faults is hard to build due to the consideration of effectiveness, coverage, and false positive. In this paper, we demonstrate that the ELI...

A Visual Technique for Internet Anomaly Detection

The Internet can be made more secure and efficient with effective anomaly detection. In this paper, we describe a visual method for anomaly detection using archived Border Gateway Protocol (BGP) data. A special encoding of IP addresses built into an interactive visual interface design allows a user to quickly detect Origin AS changes by browsing through 2D visual representation of selected aspe...

On Detection of Anomalous Routing Dynamics in BGP

BGP, the de facto inter-domain routing protocol, is the core component of current Internet infrastructure. BGP traffic deserves thorough exploration, since abnormal BGP routing dynamics could impair global Internet connectivity and stability. In this paper, two methods, signature-based detection and statistics-based detection, are designed and implemented to detect BGP anomalous routing dynamic...

Publication date: 2003