Title :
Early detection of BGP instabilities resulting from Internet worm attacks
Author :
Deshpande, S. ; Thottan, M. ; Sikdar, B.
Author_Institution :
ECSE Dept., Rensselaer Polytech. Inst., Troy, NY, USA
fDate :
29 Nov.-3 Dec. 2004
Abstract :
The increasing incidence of worm attacks in the Internet and the resulting instabilities in the global routing properties of the border gateway protocol (BGP) routers pose a serious threat to the connectivity and the ability of the Internet to deliver data correctly. In this paper we propose a mechanism to detect/predict the onset of such instabilities which can then enable the timely execution of preventive strategies in order to minimize the damage caused by the worm. Our technique is based on online statistical methods relying on sequential change-point and persistence filter based detection algorithms. Our technique is validated using a year´s worth of real traces collected from BGP routers in the Internet that we use to detect/predict the global routing instabilities corresponding to the Code Red II, Nimda and SQL Slammer worms.
Keywords :
Internet; computer network management; internetworking; invasive software; routing protocols; security of data; statistical analysis; telecommunication security; BGP instabilities; BGP routers; Code Red II worm; Internet; Nimda worm; SQL Slammer worm; border gateway protocol; early detection; global routing properties; online statistical methods; persistence filter based detection; preventive strategies; sequential change-point detection; worm attacks; Computer worms; Detection algorithms; Fault detection; IP networks; Information filtering; Internet; Robust stability; Routing protocols; Statistical analysis; Telecommunication traffic;
Conference_Titel :
Global Telecommunications Conference, 2004. GLOBECOM '04. IEEE
Print_ISBN :
0-7803-8794-5
DOI :
10.1109/GLOCOM.2004.1378412
