Rule-Based anomaly detection of inter-domain routing system

  • Authors: Peidong Zhu; Xin Liu; Mingjun Yang; Ming Xu

  • Affiliations: School of Computer, National University of Defense Technology, Changsha, China; National Laboratory for Modern Communications, Chengdu, China; School of Computer, National University of Defense Technology, Changsha, China; National Laboratory for Modern Communications, Chengdu, China

  • Venue: APPT'05 Proceedings of the 6th international conference on Advanced Parallel Processing Technologies
  • Year: 2005

Abstract

The inter-domain routing (IDR) system is a critical part of the Internet infrastructure. However, anomalies exist in BGP routing behaviors because of BGP misconfigurations, router malfunctions or deliberate attacks. To help secure the IDR system, this paper presents a rule-based framework and a rich set of detection rules to identify abnormal routing behaviors. The detection rules are categorized into General Anomaly-detection Rules (GADRs) and Special Anomaly-detection Rules (SADRs), which work together with the Basic Models and the Generated Models of the Internet, respectively. Under the proposed framework, a prototype system, ISP-Health, is implemented, which can detect various abnormal routes and complex hidden routing attacks.