Abstract
The inter-domain routing (IDR) system is a critical part of the Internet infrastructure. However, anomalies exist in BGP routing behavior because of BGP misconfigurations, router malfunctions, or deliberate attacks. To help secure the IDR system, this paper presents a rule-based framework and a rich set of detection rules to identify abnormal routing behaviors. The detection rules are categorized into General Anomaly-detection Rules (GADRs) and Special Anomaly-detection Rules (SADRs), which work together with the Basic Models and the Generated Models of the Internet, respectively. Under the proposed framework, a prototype system, ISP-Health, is implemented, which can detect various abnormal routes and complex hidden routing attacks.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhu, P., Liu, X., Yang, M., Xu, M. (2005). Rule-Based Anomaly Detection of Inter-domain Routing System. In: Cao, J., Nejdl, W., Xu, M. (eds) Advanced Parallel Processing Technologies. APPT 2005. Lecture Notes in Computer Science, vol 3756. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11573937_45
DOI: https://doi.org/10.1007/11573937_45
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29639-3
Online ISBN: 978-3-540-32107-1
eBook Packages: Computer Science, Computer Science (R0)