DocumentCode :
2284965
Title :
Detecting BGP anomalies with wavelet
Author :
Mai, Jianning ; Yuan, Lihua ; Chuah, Chen-Nee
Author_Institution :
ECE Dept., UC Davis, Davis, CA
fYear :
2008
fDate :
7-11 April 2008
Firstpage :
465
Lastpage :
472
Abstract :
In this paper, we propose a BGP anomaly detection framework called BAlet that delivers both temporal and spatial localization of the potential anomalies. It requires only a simple count of BGP update messages collected over a certain period. We first investigate the self-similarity in BGP update traffic and present a quantitative validation. The strength of wavelet analysis in handling signals with scaling property and earlier success in applying it for network anomaly detection motivate us to apply the same technique on BGP routing traffic. Later, by clustering the anomalies detected at different locations, BAlet is capable of identifying possible network-wide anomalous events. Our method does not rely on any information within the BGP messages, and serves as a complementary tool to reduce the candidate data set for further detailed root cause analysis. We evaluate BAlet on real BGP data sets that are known to contain anomalies. Results show that it is capable of detecting network-wide events such as message volume surges caused by the Slammer worm attack, and separating affected ASes from the rest.
Keywords :
computer networks; routing protocols; telecommunication security; telecommunication traffic; wavelet transforms; BAlet; BGP anomalies; anomaly detection; border gateway protocol; network-wide anomalous event; routing traffic; spatial localization; temporal localization; update traffic; wavelet analysis; Delay; Event detection; Information analysis; Pattern analysis; Performance analysis; Routing protocols; Signal analysis; Surges; Telecommunication traffic; Wavelet analysis;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Network Operations and Management Symposium, 2008. NOMS 2008. IEEE
Conference_Location :
Salvador, Bahia
ISSN :
1542-1201
Print_ISBN :
978-1-4244-2065-0
Electronic_ISBN :
1542-1201
Type :
conf
DOI :
10.1109/NOMS.2008.4575169
Filename :
4575169