Bayesian detection of router configuration anomalies

Authors:
Khalid El-Arini;Kevin Killourhy
Affiliations:
Carnegie Mellon University, Pittsburgh, PA;Carnegie Mellon University, Pittsburgh, PA
Venue:
Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
Year:
2005

Citing 3
Cited 8

The cutting EDGE of IP router configuration

ACM SIGCOMM Computer Communication Review
Detecting BGP configuration faults with static analysis

NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
IP network configuration for intradomain traffic engineering

IEEE Network: The Magazine of Global Internetworking

Minerals: using data mining to detect router misconfigurations

Proceedings of the 2006 SIGCOMM workshop on Mining network data
SPIKE: best practice generation for storage area networks

SYSML'07 Proceedings of the 2nd USENIX workshop on Tackling computer systems problems with machine learning techniques
Detecting and resolving policy misconfigurations in access-control systems

Proceedings of the 13th ACM symposium on Access control models and technologies
Detecting network-wide and router-specific misconfigurations through data mining

IEEE/ACM Transactions on Networking (TON)
Detecting and resolving policy misconfigurations in access-control systems

ACM Transactions on Information and System Security (TISSEC)
On detecting active worms with varying scan rate

Computer Communications
Discovering access-control misconfigurations: new approaches and evaluation methodologies

Proceedings of the second ACM conference on Data and Application Security and Privacy
Efficient recovery from false state in distributed routing algorithms

NETWORKING'10 Proceedings of the 9th IFIP TC 6 international conference on Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Problems arising from router misconfigurations cost time and money. The first step in fixing such misconfigurations is finding them. In this paper, we propose a method for detecting misconfigurations that does not depend on an a priori model of what constitutes a correct configuration. Our hypothesis is that uncommon or unexpected misconfigurations in router data can be identified as statistical anomalies within a Bayesian framework. We present a detection algorithm based on this framework, and show that it is able to detect errors in the router configuration files of a university network.