RDTD: A Tool for Detecting Internet Routing Disruptions at AS-Level

Bahaa Al-Musawi https://orcid.org/0000-0002-6738-4120
Mohammed Falih Hassan https://orcid.org/0000-0002-2995-7442
Sabah M. Alturfi

Keywords

Inter-domain routing, route leak, emulation, anomaly detection, testbed

Abstract

Anomalous events such as link failure, misconfiguration, and Denial of Service attacks can affect the Internet inter-domain routing protocol. The impact can range from small to large scale. While large-scale events can be detected using one or multiple global monitoring points, small-scale events need monitoring at the Autonomous System (AS) level. This paper presents a Real-time Detection Tool for Internet routing protocol Disruptions (RDTD) at AS-level. RDTD is a black-box statistical approach that detects disruptions by observing changes in the underlying behaviour of a series of inter-domain routing updates rather than the information contained in those updates. RDTD can be connected to a designated AS to detect disruptions at that AS, or to one of the collectors at public vantage points to detect Internet routing disruptions from that vantage point's view. The detection tool was evaluated by replaying, within a controlled testbed, routing traffic related to one of the most well-known events. Our evaluation shows that the detection tool can detect a route leak in near real-time without requiring a long history of data. RDTD can also detect hidden anomalous behaviour in the underlying traffic that may otherwise pass undetected.

