Detection of Interdomain Routing Anomalies Based on Higher-Order Path Analysis

Author

Ganiz, Murat Can ; Kanitkar, Sudhan ; Chuah, Mooi Choo ; Pottenger, William M.

Author_Institution

Dept. of CSE, Lehigh Univ., Bethlehem, PA

fYear

2006

fDate

18-22 Dec. 2006

Firstpage

874

Lastpage

879

Abstract

Anomalous interdomain border gateway protocol (BGP) events including misconfigurations, attacks and large-scale power failures often affect the global routing infrastructure. Thus, the ability to detect and categorize such events is extremely useful. In this article we present a novel anomaly detection technique for BGP that distinguishes between different anomalies in BGP traffic. This technique is termed higher order path analysis (HOPA) and focuses on the discovery of patterns in higher order paths in supervised learning datasets. Our results demonstrate that not only worm events but also different types of worms as well as blackout events are cleanly separable and can be classified in real time based on our incremental approach. This novel approach to supervised learning has potential applications in cybersecurity/forensics and text/data mining in general.

Keywords

Internet; data analysis; data mining; internetworking; learning (artificial intelligence); protocols; telecommunication computing; telecommunication network routing; telecommunication security; telecommunication traffic; BGP traffic; anomalous interdomain border gateway protocol; data mining; higher-order path pattern analysis; interdomain routing anomaly detection; pattern discovery; supervised learning dataset; Computer security; Data mining; Event detection; Failure analysis; Forensics; Internet; Pattern analysis; Routing protocols; Supervised learning; Surges;

fLanguage

English

Publisher

ieee

Conference_Titel

Data Mining, 2006. ICDM '06. Sixth International Conference on

Conference_Location

Hong Kong

ISSN

1550-4786

Print_ISBN

0-7695-2701-7

Type

conf

DOI

10.1109/ICDM.2006.52

Filename

4053119