Early detection of BGP instabilities resulting from Internet worm attacks

Author

Deshpande, S. ; Thottan, M. ; Sikdar, B.

Author_Institution

ECSE Dept., Rensselaer Polytech. Inst., Troy, NY, USA

Volume

4

fYear

2004

fDate

29 Nov.-3 Dec. 2004

Firstpage

2266

Abstract

The increasing incidence of worm attacks in the Internet and the resulting instabilities in the global routing properties of the border gateway protocol (BGP) routers pose a serious threat to the connectivity and the ability of the Internet to deliver data correctly. In this paper we propose a mechanism to detect/predict the onset of such instabilities which can then enable the timely execution of preventive strategies in order to minimize the damage caused by the worm. Our technique is based on online statistical methods relying on sequential change-point and persistence filter based detection algorithms. Our technique is validated using a year´s worth of real traces collected from BGP routers in the Internet that we use to detect/predict the global routing instabilities corresponding to the Code Red II, Nimda and SQL Slammer worms.

Keywords

Internet; computer network management; internetworking; invasive software; routing protocols; security of data; statistical analysis; telecommunication security; BGP instabilities; BGP routers; Code Red II worm; Internet; Nimda worm; SQL Slammer worm; border gateway protocol; early detection; global routing properties; online statistical methods; persistence filter based detection; preventive strategies; sequential change-point detection; worm attacks; Computer worms; Detection algorithms; Fault detection; IP networks; Information filtering; Internet; Robust stability; Routing protocols; Statistical analysis; Telecommunication traffic;

fLanguage

English

Publisher

ieee

Conference_Titel

Global Telecommunications Conference, 2004. GLOBECOM '04. IEEE

Print_ISBN

0-7803-8794-5

Type

conf

DOI

10.1109/GLOCOM.2004.1378412

Filename

1378412