Detecting BGP anomalies with wavelet

In this paper, we propose a BGP anomaly detection framework called BAlet that delivers both temporal and spatial localization of the potential anomalies. It requires only a simple count of BGP update messages collected over a certain period. We first investigate the self-similarity in BGP update traffic and present a quantitative validation. The strength of wavelet analysis in handling signals with scaling property and earlier success in applying it for network anomaly detection motivate us to apply the same technique on BGP routing traffic. Later, by clustering the anomalies detected at different locations, BAlet is capable of identifying possible network-wide anomalous events. Our method does not rely on any information within the BGP messages, and serves as a complementary tool to reduce the candidate data set for further detailed root cause analysis. We evaluate BAlet on real BGP data sets that are known to contain anomalies. Results show that it is capable of detecting networ...
Jianning Mai, Lihua Yuan, Chen-Nee Chuah
Added 01 Jun 2010
Updated 01 Jun 2010
Type Conference
Year 2008
Where NOMS