Abstract
To complement machine intelligence in anomaly event analysis and correlation, this paper investigates the possibility of a human-interactive, visual-based anomaly detection system for faults and security attacks related to the BGP (Border Gateway Protocol) routing protocol. In particular, we have built and tested a program, based on fairly simple information visualization techniques, to interactively navigate real-life BGP OASC (Origin AS Change) events. Our initial experience demonstrates that the integration of mechanical analysis and human intelligence can effectively improve the performance of anomaly detection and alert correlation. Furthermore, while a traditional representation of OASC events provides little or no valuable information, our program can accurately identify and correlate previously unknown BGP/OASC problems, and provide network operators with a valuable high-level abstraction of the dynamics of BGP.
Keywords
- Autonomous System
- Anomaly Detection
- Intrusion Detection System
- Border Gateway Protocol
- Anomaly Detection System
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Teoh, ST. et al. (2003). Visual-Based Anomaly Detection for BGP Origin AS Change (OASC) Events. In: Brunner, M., Keller, A. (eds) Self-Managing Distributed Systems. DSOM 2003. Lecture Notes in Computer Science, vol 2867. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39671-0_14
DOI: https://doi.org/10.1007/978-3-540-39671-0_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20314-8
Online ISBN: 978-3-540-39671-0
eBook Packages: Springer Book Archive