Border gateway protocol graph: detecting and visualising internet routing anomalies
2015; Institution of Engineering and Technology; Volume: 10; Issue: 3; Language: English
DOI: 10.1049/iet-ifs.2014.0525
ISSN: 1751-8717
Authors: Stavros Papadopoulos, Κωνσταντίνος Μουστάκας, Anastasios Drosou, Dimitrios Tzovaras
Topic(s): Anomaly Detection Techniques and Applications
Abstract: Border gateway protocol (BGP) is the main protocol used on the Internet today for the exchange of routing information between different networks. The lack of authentication mechanisms in BGP renders it vulnerable to prefix hijacking attacks, which raise serious security concerns regarding both service availability and data privacy. To address these issues, this study presents BGPGraph, a scheme for detecting and visualising Internet routing anomalies. In particular, BGPGraph introduces a novel BGP anomaly metric that quantifies the degree of anomaly in BGP activity and enables the analyst to obtain an overview of the BGP status. The analyst is afterwards able to focus on significant time windows for further analysis by using a hierarchical graph visualisation scheme. Furthermore, BGPGraph uses a novel method for the quantification of information visualisation that allows for the evaluation and optimal selection of parameters of the corresponding visual analytics algorithms. As a result, by utilising the proposed approach, four new BGP anomalies were identified. Experimental demonstration on known BGP events illustrates the significant analytics potential of the proposed approach in terms of identifying prefix hijacks and performing root cause analysis.