C4.5: programs for machine learning
C4.5: programs for machine learning
IEEE/ACM Transactions on Networking (TON)
Mining in a data-flow environment: experience in network intrusion detection
KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
Temporal sequence learning and data reduction for anomaly detection
ACM Transactions on Information and System Security (TISSEC)
Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Data mining: concepts and techniques
Data mining: concepts and techniques
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Understanding BGP misconfiguration
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Observation and analysis of BGP behavior under stress
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Fast Algorithms for Mining Association Rules in Large Databases
VLDB '94 Proceedings of the 20th International Conference on Very Large Data Bases
Detection of Invalid Routing Announcement in the Internet
DSN '02 Proceedings of the 2002 International Conference on Dependable Systems and Networks
Computer and Intrusion Forensics
Computer and Intrusion Forensics
Origin authentication in interdomain routing
Proceedings of the 10th ACM conference on Computer and communications security
Incident response: a strategic guide to handling system and network security breaches
Incident response: a strategic guide to handling system and network security breaches
Forensic analysis of autonomous system reachability
Proceedings of the 2006 SIGCOMM workshop on Mining network data
BGP routing dynamics revisited
ACM SIGCOMM Computer Communication Review
Asymmetric Feature Selection for BGP Abnormal Events Detection
ADMA '09 Proceedings of the 5th International Conference on Advanced Data Mining and Applications
A higher order collective classifier for detecting andclassifying network events
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
On knowledge-based classification of abnormal BGP events
ICISS'07 Proceedings of the 3rd international conference on Information systems security
BGPfuse: using visual feature fusion for the detection and attribution of BGP anomalies
Proceedings of the Tenth Workshop on Visualization for Cyber Security
| Hi-index | 0.00 |
Abnormal BGP events such as attacks, misconfigurations, electricity failures, can cause anomalous or pathological routing behavior at either global level or prefix level, and thus must be detected in their early stages. Instead of using ad hoc methods to analyze BGP data, in this paper we introduce an Internet Routing Forensics framework to systematically process BGP routing data, discover rules of abnormal BGP events, and apply these rules to detect the occurrences of these events. In particular, we leverage data mining techniques to train the framework to learn rules of abnormal BGP events, and our results from two case studies show that these rules are effective. In one case study, rules of worm events discovered from the BGP data during the outbreaks of the CodeRed and Nimda worms were able to successfully detect worm impact on BGP when an independent worm, the Slammer, subsequently occurred. Similarly, in another case study, rules of electricity blackout events obtained using BGP data from the 2003 East Coast blackout were able to detect the BGP impact from the Florida blackout caused by Hurricane Frances in 2004.