A Method for Real-Time Identification of Malformed BGP Messages

Author

Watari, Masafumi ; Jiang, Peng ; Tachibana, Atsuo ; Ano, Shigehiro

Author_Institution

KDDI R&D Labs. Inc., Saitama, Japan

fYear

2011

fDate

18-21 July 2011

Firstpage

508

Lastpage

512

Abstract

The BGP routing system is one of the key component of today´s Internet infrastructure responsible for carrying data traffic across different Autonomous Systems (ASes). Recently, malformed BGP messages have become a threat to the operational community as they repeatedly cause BGP session resets until identified. However, the identification of the message itself is often difficult in large ISP networks. In this paper, we propose a novel method for real-time identification of these messages by using passively collects BGP messages. Our method focuses on the frequency of observed attributes and values of prefixes advertised by each AS. Based on our heuristics that common attributes are observed at similar time scale, we periodically measure the usage frequency of attributes from BGP messages observed in real-time and mark attributes and values used by minority of the AS as suspicious. We verify the efficiency of our method using BGP data obtained from operational networks.

Keywords

Internet; internetworking; routing protocols; telecommunication traffic; BGP routing system; ISP networks; Internet infrastructure; autonomous system; border gateway protocol; data traffic; malformed BGP message; real-time identification; usage frequency; Internet; Monitoring; Real time systems; Routing; Routing protocols; Time frequency analysis; BGP; Malformed Messages; Passive Measurement;

fLanguage

English

Publisher

ieee

Conference_Titel

Applications and the Internet (SAINT), 2011 IEEE/IPSJ 11th International Symposium on

Conference_Location

Munich, Bavaria

Print_ISBN

978-1-4577-0531-1

Electronic_ISBN

978-0-7695-4423-6

Type

conf

DOI

10.1109/SAINT.2011.94

Filename

6004203