RDTD: A Tool for Detecting Internet Routing Disruptions at AS-Level

Bahaa Al-Musawi https://orcid.org/0000-0002-6738-4120
Mohammed Falih Hassan https://orcid.org/0000-0002-2995-7442
Sabah M. Alturfi

Keywords

Inter-domain routing, route leak, emulation, anomaly detection, testbed

Abstract

Anomalous events such as link failure, misconfiguration, and Denial of Service attacks can affect the Internet inter-domain routing protocol. The impact can range from small to large scale. While large-scale events can be detected using one or multiple global monitoring points, small-scale events need monitoring at the Autonomous System (AS) level. This paper presents a Real-time Detection Tool for Internet routing protocol Disruptions (RDTD) at AS-level. RDTD is a black-box statistical approach that detects disruptions by observing changes in the underlying behaviour of a series of inter-domain routing updates rather than the information contained in those updates. RDTD can be connected to a designated AS to detect disruptions at that AS, or to one of the collectors at public vantage points to detect Internet routing disruptions from that vantage point's view. The detection tool was evaluated by replaying route traffic related to one of the most well-known events within a controlled testbed. Our evaluation shows that the tool can detect a route leak in near real-time without requiring a long history of data. RDTD can also detect hidden anomalous behaviour in the underlying traffic that may otherwise pass without detection.
