Recent studies have shown that router misconfigurations are common and can have dramatic consequences for the operation of a network. Misconfigurations can compromise the security of an entire network or even cause global disruptions to Internet connectivity. Several solutions have been proposed, and they can detect a number of problems in real configuration files. However, these solutions share a common limitation: they are based on rules that must be known beforehand, and violations of these rules are deemed misconfigurations. As policies typically differ among networks, these approaches are limited in the scope of mistakes they can detect. In this paper, we address the problem of router misconfigurations using data mining. We apply association rule mining to the configuration files of routers across an administrative domain to discover local, network-specific policies. Deviations from these local policies are potential misconfigurations. We have evaluated our scheme on configuration files from a large state-wide network provider, a large university campus and a high-performance research network. In this evaluation, we focused on three aspects of the configurations: user accounts, interfaces and BGP sessions. User accounts specify the users that can access the router and define the authorized commands. Interfaces are the ports used by routers to connect to different networks. Each interface may support a number of services and run various routing protocols. BGP sessions are the connections with neighboring autonomous systems (AS). BGP sessions implement the routing policies, which select the routes that are filtered and the ones that are advertised to the BGP neighbors. We included the routing policies in our study. The results are promising. We discovered a number of errors that were confirmed and corrected by the network administrators. These errors would have been difficult to detect with current predefined rule-based approaches.
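The following sketch illustrates the idea for the user-account case; it is an added example, not the paper's implementation. It assumes each router's accounts have already been parsed into a set of items, restricts itself to single-item rules, and uses constructed data, item strings and thresholds.

```python
from itertools import permutations

# Constructed sample data: one set of user-account items per router.
# Item strings are illustrative, not any vendor's configuration syntax.
ROUTERS = {
    "r1": {"admin:full", "noc:read-only", "ops:operator"},
    "r2": {"admin:full", "noc:read-only", "ops:operator"},
    "r3": {"admin:full", "noc:read-only", "ops:operator", "tmp:operator"},
    "r4": {"admin:full", "noc:read-only", "ops:operator"},
    "r5": {"admin:full", "noc:read-only", "ops:operator"},
    "r6": {"admin:full", "noc:full", "ops:operator"},  # noc has full access here
}

def mine_rules(configs, min_support=0.5, min_confidence=0.8):
    """Mine single-item rules a -> b: 'routers that have a also have b'."""
    n = len(configs)
    items = sorted(set().union(*configs.values()))
    rules = []
    for a, b in permutations(items, 2):
        with_a = sum(a in c for c in configs.values())
        with_both = sum(a in c and b in c for c in configs.values())
        support = with_both / n            # fraction of routers with a and b
        confidence = with_both / with_a    # fraction of a-routers that have b
        if support >= min_support and confidence >= min_confidence:
            rules.append((a, b, confidence))
    return rules

def find_deviations(configs, rules):
    """List (router, antecedent, missing_item, confidence) per broken rule."""
    return [
        (name, a, b, conf)
        for name, cfg in sorted(configs.items())
        for a, b, conf in rules
        if a in cfg and b not in cfg
    ]

if __name__ == "__main__":
    for name, a, b, conf in find_deviations(ROUTERS, mine_rules(ROUTERS)):
        print(f"{name}: has {a!r} but lacks {b!r} "
              f"(holds on {conf:.0%} of routers with {a!r})")
```

The one-off `tmp:operator` account on r3 never reaches the support threshold, so it produces no rule and no alert; only the router that breaks a widely held local policy is reported for an administrator to review.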