Paper Info
Title
Using Bursty Announcements for Early Detection of BGP Routing Anomalies.
Abstract
Despite the robust structure of the Internet, it is still susceptible to disruptive routing updates that prevent network traffic from reaching its destination. In this work, we propose a method for early detection of large-scale disruptions based on the analysis of bursty BGP announcements. We hypothesize that the occurrence of large-scale disruptions is preceded by bursty announcements. Our method is grounded in analysis of changes in the inter-arrival times of announcements. BGP announcements that are associated with disruptive updates tend to occur in groups of relatively high frequency, followed by periods of infrequent activity. To test our hypothesis, we quantify the burstiness of inter-arrival times around the date and times of three large-scale incidents: the Indosat hijacking event in April 2014, the Telecom Malaysia leak in June 2015, and the Bharti Airtel Ltd. hijack in November 2015. We show that we can detect these events several hours prior to when they were originally detected. We propose an algorithm that leverages the burstiness of disruptive updates to provide early detection of large-scale malicious incidents using local collector data. We describe limitations, open challenges, and how this method can be used for large-scale routing anomaly detection.
Year
Venue
DocType
2019
arXiv: Networking and Internet Architecture
Journal
Volume
Citations 
PageRank 
abs/1905.05835
0
0.34
References 
Authors
0
3
Name
Order
Citations
PageRank
Pablo Moriano1215.14
Raquel Hill2577.81
L. Jean Camp352167.06