Sciweavers

DSOM
2003
Springer

Visual-Based Anomaly Detection for BGP Origin AS Change (OASC) Events

Instead of relying completely on machine intelligence in anomaly event analysis and correlation, in this paper, we take one step back and investigate the possibility of a human-interactive visual-based anomaly detection system for faults and security attacks related to the BGP (Border Gateway Protocol) routing protocol. In particular, we have built and tested a program, based on fairly simple information visualization techniques, to navigate interactively real-life BGP OASC (Origin AS Change) events. Our initial experience demonstrates that the integration of mechanic analysis and human intelligence can effectively improve the performance of anomaly detection and alert correlation. Furthermore, while a traditional representation of OASC events provides either little or no valuable information, our program can accurately identify, correlate previously unknown BGP/OASC problems, and provide network operators with a high-level abstraction about the dynamics of BGP.
Added 06 Jul 2010
Updated 06 Jul 2010
Type Conference
Year 2003
Where DSOM
Authors Soon Tee Teoh, Kwan-Liu Ma, Shyhtsun Felix Wu, Daniel Massey, Xiaoliang Zhao, Dan Pei, Lan Wang, Lixia Zhang, Randy Bush