{"title":"域间路由异常检测的统计方法","authors":"S. Deshpande, M. Thottan, T. Ho, B. Sikdar","doi":"10.1109/BROADNETS.2006.4374397","DOIUrl":null,"url":null,"abstract":"A number of events such as hurricanes, earthquakes, power outages can cause large-scale failures in the Internet. These in turn cause anomalies in the interdomain routing process. The policy-based nature of border gateway protocol (BGP) further aggravates the effect of these anomalies causing severe, long lasting route fluctuations. In this work we propose an architecture for anomaly detection that can be implemented on individual routers. We use statistical pattern recognition techniques for extracting meaningful features from the BGP update message data. A time-series segmentation algorithm is then carried out on the feature traces to detect the onset of an instability event The performance of the proposed algorithm is evaluated using real Internet trace data. We show that instabilities triggered by events like router mis-configurations, infrastructure failures and worm attacks can be detected with a false alarm rate as low as 0.0083 alarms per hour. We also show that our learning based mechanism is highly robust as compared to methods like exponentially weighted moving average (EWMA) based detection.","PeriodicalId":147887,"journal":{"name":"2006 3rd International Conference on Broadband Communications, Networks and Systems","volume":"148 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"A Statistical Approach to Anomaly Detection in Interdomain Routing\",\"authors\":\"S. Deshpande, M. Thottan, T. Ho, B. Sikdar\",\"doi\":\"10.1109/BROADNETS.2006.4374397\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A number of events such as hurricanes, earthquakes, power outages can cause large-scale failures in the Internet. 
These in turn cause anomalies in the interdomain routing process. The policy-based nature of border gateway protocol (BGP) further aggravates the effect of these anomalies causing severe, long lasting route fluctuations. In this work we propose an architecture for anomaly detection that can be implemented on individual routers. We use statistical pattern recognition techniques for extracting meaningful features from the BGP update message data. A time-series segmentation algorithm is then carried out on the feature traces to detect the onset of an instability event The performance of the proposed algorithm is evaluated using real Internet trace data. We show that instabilities triggered by events like router mis-configurations, infrastructure failures and worm attacks can be detected with a false alarm rate as low as 0.0083 alarms per hour. We also show that our learning based mechanism is highly robust as compared to methods like exponentially weighted moving average (EWMA) based detection.\",\"PeriodicalId\":147887,\"journal\":{\"name\":\"2006 3rd International Conference on Broadband Communications, Networks and Systems\",\"volume\":\"148 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2006 3rd International Conference on Broadband Communications, Networks and Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/BROADNETS.2006.4374397\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2006 3rd International Conference on Broadband Communications, Networks and 
Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/BROADNETS.2006.4374397","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Statistical Approach to Anomaly Detection in Interdomain Routing
A number of events, such as hurricanes, earthquakes, and power outages, can cause large-scale failures in the Internet. These in turn cause anomalies in the interdomain routing process. The policy-based nature of the Border Gateway Protocol (BGP) further aggravates the effect of these anomalies, causing severe, long-lasting route fluctuations. In this work we propose an architecture for anomaly detection that can be implemented on individual routers. We use statistical pattern recognition techniques to extract meaningful features from the BGP update message data. A time-series segmentation algorithm is then run on the feature traces to detect the onset of an instability event. The performance of the proposed algorithm is evaluated using real Internet trace data. We show that instabilities triggered by events like router misconfigurations, infrastructure failures, and worm attacks can be detected with a false alarm rate as low as 0.0083 alarms per hour. We also show that our learning-based mechanism is highly robust compared to methods like exponentially weighted moving average (EWMA) based detection.