Delayed Internet routing convergence
IEEE/ACM Transactions on Networking (TON)
The Temporal and Topological Characteristics of BGP Path Changes
ICNP '03 Proceedings of the 11th IEEE International Conference on Network Protocols
An Algorithmic Approach to Identifying Link Failures
PRDC '04 Proceedings of the 10th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC'04)
Locating internet routing instabilities
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Combining visual and automated data mining for near-real-time anomaly detection and analysis in BGP
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
A first step toward understanding inter-domain routing dynamics
Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
Finding a needle in a haystack: pinpointing significant BGP routing changes in an IP network
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Context-aware clustering of DNS query traffic
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
Learning, indexing, and diagnosing network faults
Proceedings of the 15th ACM SIGKDD international conference on Knowledge discovery and data mining
A higher order collective classifier for detecting andclassifying network events
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
Modeling BGP table fluctuations
ITC20'07 Proceedings of the 20th international teletraffic conference on Managing traffic performance in converged networks
Spatio-temporal patterns in network events
Proceedings of the 6th International COnference
Characterizing inter-domain rerouting after japan earthquake
IFIP'12 Proceedings of the 11th international IFIP TC 6 conference on Networking - Volume Part II
BGPfuse: using visual feature fusion for the detection and attribution of BGP anomalies
Proceedings of the Tenth Workshop on Visualization for Cyber Security
| Hi-index | 0.00 |
Detecting anomalous BGP-route advertisements is crucial for improving the security and robustness of the Internet's interdomain-routing system. In this paper, we propose an instance-learning framework that identifies anomalies based on deviations from the "normal" BGP-update dynamics for a given destination prefix and across prefixes. We employ wavelets for a systematic, multi-scaled analysis that avoids the "magic numbers" (e.g., for grouping related update messages) needed in previous approaches to BGP-anomaly detection. Our preliminary results show that the update dynamics are generally consistent across prefixes and time. Only a few prefixes differ from the majority, and most prefixes exhibit similar behavior across time. This small set of abnormal prefixes and time intervals may be further examined to determine the source of anomalous behavior. In particular, we observe that many of the unusual prefixes are unstable prefixes that experience frequent routing changes.