To maintain high availability in the face of changing network conditions, network operators must quickly detect, identify, and react to events that cause network disruptions. One way to accomplish this goal is to monitor routing dynamics by analyzing routing update streams collected from routers. Existing monitoring approaches typically treat streams of routing updates from different routers as independent signals, and report only the "loud" events (i.e., events that involve a large volume of routing messages). In this paper, we examine BGP routing data from all routers in the Abilene backbone for six months and correlate them with a catalog of all known disruptions to its nodes and links. We find that many important events are not loud enough to be detected from a single stream. Instead, they become detectable only when multiple BGP update streams are examined simultaneously, because routing updates exhibit network-wide dependencies. This paper proposes using network-wide analysis of routing information to diagnose (i.e., detect and identify) network disruptions. To detect network disruptions, we apply a multivariate analysis technique to dynamic routing information (i.e., update traffic from all the Abilene routers) and find that this technique can detect every reported disruption to nodes and links within the network with a low rate of false alarms. To identify the type of disruption, we jointly analyze both the network-wide static configuration and details in the dynamic routing updates; we find that our method can correctly explain the scenario that caused the disruption. Although much work remains to make network-wide analysis of routing data operationally practical, our results illustrate the importance and potential of such an approach.