Abstract
Abnormal BGP events such as attacks, misconfigurations, and electricity failures can cause anomalous or pathological routing behavior at either the global level or the prefix level, and thus must be detected in their early stages. Instead of using ad hoc methods to analyze BGP data, in this paper we introduce an Internet Routing Forensics framework to systematically process BGP routing data, discover rules of abnormal BGP events, and apply these rules to detect occurrences of these events. In particular, we leverage data mining techniques to train the framework to learn rules of abnormal BGP events, and our results from two case studies show that these rules are effective. In one case study, rules of worm events discovered from BGP data collected during the outbreaks of the CodeRed and Nimda worms successfully detected the impact on BGP of an independent worm, Slammer, when it subsequently occurred. Similarly, in the other case study, rules of electricity blackout events obtained from BGP data of the 2003 East Coast blackout detected the BGP impact of the Florida blackout caused by Hurricane Frances in 2004.
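The abstract describes a three-stage pipeline (process routing data into features, mine rules for abnormal intervals, apply the rules to new data) without showing it. The following is an added example written for this page, not the paper's own code or data: it bins constructed BGP update records into one-minute windows, derives a small assumed feature set (announcement count, withdrawal count, distinct prefixes, mean AS-path length), learns a single-feature decision stump from labelled "normal" and "storm" windows, and applies that rule to unseen windows. The record format, the feature set, the stump learner and the synthetic update stream are all assumptions chosen for illustration; the paper's actual features and mining method are not reproduced here.

```python
"""
Added example (not the paper's code): a minimal version of the three
stages the abstract describes for BGP routing forensics:
  1. process raw routing data into per-interval features,
  2. learn a rule for "abnormal" intervals from labelled training data,
  3. apply the learned rule to unseen intervals.
Record format, feature set, learner and sample data are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Update:
    ts: int          # seconds since epoch (assumed record layout)
    kind: str        # "A" = announcement, "W" = withdrawal
    prefix: str
    as_path: tuple   # empty for withdrawals


FEATURES = ("announces", "withdraws", "prefixes", "mean_path_len")


def bin_features(updates, bin_sec=60):
    """Stage 1: group updates into fixed-length bins and derive per-bin
    features. Returns {bin_start: {feature: value}} in time order."""
    bins = defaultdict(list)
    for u in updates:
        bins[u.ts - u.ts % bin_sec].append(u)
    out = {}
    for start, ups in sorted(bins.items()):
        ann = [u for u in ups if u.kind == "A"]
        path_lens = [len(u.as_path) for u in ann]
        out[start] = {
            "announces": len(ann),
            "withdraws": len(ups) - len(ann),
            "prefixes": len({u.prefix for u in ups}),
            "mean_path_len": sum(path_lens) / len(path_lens) if path_lens else 0.0,
        }
    return out


def learn_rule(feature_rows, labels):
    """Stage 2: one-feature decision stump (an assumed, deliberately simple
    miner). Chooses the (feature, threshold) whose rule
    'value >= threshold -> abnormal' best matches the training labels."""
    best = None  # (accuracy, feature, threshold)
    for f in FEATURES:
        values = sorted({row[f] for row in feature_rows})
        # candidate thresholds: midpoints between consecutive observed values
        cands = [(a + b) / 2 for a, b in zip(values, values[1:])] or values
        for thr in cands:
            correct = sum((row[f] >= thr) == lab for row, lab in zip(feature_rows, labels))
            acc = correct / len(labels)
            if best is None or acc > best[0]:
                best = (acc, f, thr)
    return {"feature": best[1], "threshold": best[2], "train_accuracy": best[0]}


def detect(rule, features_by_bin):
    """Stage 3: apply the learned rule; return the bin starts flagged abnormal."""
    return [start for start, row in features_by_bin.items()
            if row[rule["feature"]] >= rule["threshold"]]


def synth_bin(start, n_ann, n_wd, n_prefixes):
    """Constructed sample data (not real BGP data): n_ann announcements and
    n_wd withdrawals spread over one 60 s bin across n_prefixes prefixes."""
    ups = []
    for i in range(n_ann + n_wd):
        kind = "A" if i < n_ann else "W"
        path = (64500, 64501 + i % 3, 64510) if kind == "A" else ()
        ups.append(Update(start + i % 60, kind, f"10.{i % n_prefixes}.0.0/16", path))
    return ups


def run_example():
    """Train on four quiet minutes and two storm minutes, then detect on a
    separate constructed stream. Returns (rule, flagged_bin_starts)."""
    train = []
    for start in (0, 60, 120, 180):
        train += synth_bin(start, 4, 1, 4)       # quiet, labelled normal
    for start in (240, 300):
        train += synth_bin(start, 30, 25, 20)    # update storm, labelled abnormal
    train_feats = bin_features(train)
    labels = [start >= 240 for start in train_feats]
    rule = learn_rule(list(train_feats.values()), labels)

    test = synth_bin(960, 5, 2, 5) + synth_bin(1020, 5, 2, 5) + synth_bin(1080, 50, 40, 30)
    flagged = detect(rule, bin_features(test))
    return rule, flagged


if __name__ == "__main__":
    rule, flagged = run_example()
    print("learned rule:", rule)
    print("abnormal bins:", flagged)
```

The stump keeps the first feature that reaches the best training accuracy, so on this data it settles on the announcement count with a midpoint threshold; a real deployment would need a richer feature set, multi-feature rules, and training windows drawn from several independent events, which is exactly the cross-event generalisation the two case studies in the abstract are testing.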
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications, Software
Cited by
20 articles.