Issue No.11 - November (2009 vol.58)
Shivani Deshpande , BlueCoat Systems, Sunnyvale
Marina Thottan , Bell Labs, Alcatel-Lucent, Murray Hill
Tin Kam Ho , Bell Labs, Alcatel-Lucent, Murray Hill
Biplab Sikdar , Rensselaer Polytechnic Institute, Troy
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TC.2009.91
The importance of Border Gateway Protocol (BGP) as the primary interAutonomous System (AS) routing protocol that maintains the connectivity of the Internet imposes stringent stability requirements on its route selection process. Accidental and malicious activities such as misconfigurations, failures, and worm attacks can induce severe BGP instabilities leading to data loss, extensive delays, and loss of connectivity. In this work, we propose an online instability detection architecture that can be implemented by individual routers. We use statistical pattern recognition techniques for detecting the instabilities, and the algorithm is evaluated using real Internet data for a diverse set of events including misconfiguration, node failures, and several worm attacks. The proposed scheme is based on adaptive segmentation of feature traces extracted from BGP update messages and exploiting the temporal and spatial correlations in the traces for robust detection of the instability events. Furthermore, we use route change information to pinpoint the culprit ASes where the instabilities have originated.
BGP, anomaly detection, routing instability, statistical pattern recognition.
Shivani Deshpande, Marina Thottan, Tin Kam Ho, Biplab Sikdar, "An Online Mechanism for BGP Instability Detection and Analysis", IEEE Transactions on Computers, vol.58, no. 11, pp. 1470-1484, November 2009, doi:10.1109/TC.2009.91