Title
Detecting BGP anomalies with wavelet
Abstract
In this paper, we propose a BGP anomaly detection framework called BAlet that delivers both temporal and spatial localization of the potential anomalies. It requires only a simple count of BGP update messages collected over a certain period. We first investigate the self-similarity in BGP update traffic and present a quantitative validation. The strength of wavelet analysis in handling signals with scaling property and earlier success in applying it for network anomaly detection motivate us to apply the same technique to BGP routing traffic. Later, by clustering the anomalies detected at different locations, BAlet is capable of identifying possible network-wide anomalous events. Our method does not rely on any information within the BGP messages, and serves as a complementary tool to reduce the candidate data set for further detailed root cause analysis. We evaluate BAlet on real BGP data sets that are known to contain anomalies. Results show that it is capable of detecting network-wide events such as message volume surges caused by the Slammer worm attack, and separating affected ASes from the rest.
Year: 2008
DOI: 10.1109/NOMS.2008.4575169
Venue: NOMS
Keywords: network-wide anomalous event, wavelet analysis, spatial localization, routing traffic, wavelet transforms, anomaly detection, computer networks, balet, routing protocols, bgp anomalies, border gateway protocol, telecommunication security, telecommunication traffic, temporal localization, update traffic, information analysis, signal analysis, root cause analysis, pattern analysis
Field: Anomaly detection, Data set, Computer science, Root cause analysis, Computer network, Border Gateway Protocol, Cluster analysis, Wavelet transform, Wavelet, Routing protocol
DocType: Conference
ISSN: 1542-1201
E-ISBN: 978-1-4244-2066-7
ISBN: 978-1-4244-2066-7
Citations: 9
PageRank: 0.59
References: 25
Authors: 3
Name              Order   Citations   PageRank
Jianning Mai      1       342         18.63
Lihua Yuan        2       810         36.52
Chen-Nee Chuah    3       469         33.71