http://dx.doi.org/10.3837/tiis.2021.02.020

Research on Cyber IPB Visualization Method based on BGP Archive Data for Cyber Situation Awareness  

Youn, Jaepil (Department of Computer Engineering, Sejong University)
Oh, Haengrok (The 2nd R&D Institute 3rd Directorate, Agency for Defense Development)
Kang, Jiwon (Department of Computer Engineering, Sejong University)
Shin, Dongkyoo (Department of Computer Engineering, Sejong University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS), vol. 15, no. 2, 2021, pp. 749-766
Abstract
Cyber powers around the world conduct cyber information-gathering activities in cyberspace, a global domain within the Internet-based information environment. Accordingly, it is imperative to obtain the latest information through the cyber intelligence preparation of the battlefield (IPB) process in order to prepare for future cyber operations. Research on cyber battlefield visualization methods for effective cyber IPB and situation awareness aims to minimize uncertainty in the cyber battlefield and to support commanders' command and control and decision-making. This paper designs an architecture that classifies cyberspace into a physical network layer, a logical network layer, and a cyber-persona layer in order to visualize the cyber battlefield using BGP archive data, which consists of BGP routing information collected from routers around the world. To implement the architecture, the BGP archive data was analyzed and pre-processed, and cyberspace was represented as a directed graph (digraph). The information products obtainable through visualization were classified for each layer of cyberspace, and a visualization method for performing cyber IPB was proposed. Using this method, we analyzed actual BGP and OSINT data for North Korea and implemented, as a prototype, North Korea's cyber battlefield centered on its Internet network. In future work, we will implement the prototype architecture on the Elastic Stack.
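The abstract describes the core pre-processing step (turning BGP archive records into a directed graph of autonomous systems) and the information products read off that graph for each layer. The script below is an added example written for this page, not code from the paper or its authors. It assumes the archive has been converted to the pipe-delimited text layout that `bgpdump -m` emits (TABLE_DUMP2|time|B|peer_ip|peer_as|prefix|as_path|...); the five sample records are constructed, use private-range AS numbers and documentation prefixes, and describe no real network. From the records it builds the AS-level digraph, lists the origin AS of each prefix, identifies the upstream ASes through which a chosen set of target ASes reaches the rest of the routing system, and emits a Graphviz DOT rendering for visualization.

```python
"""Added example: AS-level directed graph from BGP archive records.

Assumption: input lines follow the `bgpdump -m` layout
  TABLE_DUMP2|time|B|peer_ip|peer_as|prefix|as_path|origin|next_hop|...
Only peer_as, prefix and as_path are used. The records below are
constructed for illustration (RFC 5398/6996 AS numbers, RFC 5737 prefixes).
"""
from collections import defaultdict

# Constructed sample: three collector peers; one path is prepended,
# one contains an AS_SET, and 198.51.100.0/24 has two different origins.
SAMPLE_RECORDS = """\
TABLE_DUMP2|1609459200|B|192.0.2.1|64500|198.51.100.0/24|64500 64496 64510 64512|IGP|192.0.2.1|0|0||NAG||
TABLE_DUMP2|1609459200|B|192.0.2.1|64500|198.51.101.0/24|64500 64496 64510 64513 64513 64513|IGP|192.0.2.1|0|0||NAG||
TABLE_DUMP2|1609459200|B|192.0.2.2|64501|198.51.100.0/24|64501 64511 64510 64512|IGP|192.0.2.2|0|0||NAG||
TABLE_DUMP2|1609459200|B|192.0.2.2|64501|198.51.102.0/24|64501 64511 {64514,64515}|IGP|192.0.2.2|0|0||AG||
TABLE_DUMP2|1609459200|B|192.0.2.3|64502|198.51.100.0/24|64502 64511 64520|IGP|192.0.2.3|0|0||NAG||
"""


def parse_as_path(field):
    """AS-path field -> list of ASNs. AS_SET braces are removed (members
    kept in order) and consecutive repeats from prepending are collapsed,
    so prepending does not create self-loops in the graph."""
    hops = []
    for tok in field.replace("{", " ").replace("}", " ").replace(",", " ").split():
        asn = int(tok)
        if not hops or hops[-1] != asn:
            hops.append(asn)
    return hops


def parse_records(text):
    """Keep only TABLE_DUMP2 rows; the origin AS is the last hop of the path."""
    records = []
    for line in text.splitlines():
        if not line.startswith("TABLE_DUMP2|"):
            continue
        f = line.split("|")
        path = parse_as_path(f[6])
        if not path:
            continue
        records.append({"peer_as": int(f[4]), "prefix": f[5],
                        "as_path": path, "origin_as": path[-1]})
    return records


def build_digraph(records):
    """Edge A -> B means some observed path goes from A to B on the way
    toward the origin AS, i.e. the direction traffic to that prefix flows."""
    succ = defaultdict(set)
    for r in records:
        p = r["as_path"]
        for a, b in zip(p, p[1:]):
            succ[a].add(b)
    return succ


def origins_by_prefix(records):
    """prefix -> set of origin ASNs seen for it."""
    origins = defaultdict(set)
    for r in records:
        origins[r["prefix"]].add(r["origin_as"])
    return origins


def moas_prefixes(records):
    """Prefixes announced by more than one origin AS; these need an
    analyst's attention before being drawn as a single node owner."""
    return {p: o for p, o in origins_by_prefix(records).items() if len(o) > 1}


def transit_neighbours(records, target_ases):
    """target ASN -> set of upstream ASNs that immediately precede it on
    observed paths. A small set of upstreams marks a chokepoint in the
    logical-network-layer view of the target."""
    ups = defaultdict(set)
    for r in records:
        p = r["as_path"]
        for a, b in zip(p, p[1:]):
            if b in target_ases and a not in target_ases:
                ups[b].add(a)
    return ups


def to_dot(succ, highlight=frozenset()):
    """Graphviz DOT text; highlighted ASNs are filled so the target set
    stands out when rendered with `dot -Tpng`."""
    nodes = set(succ) | {b for s in succ.values() for b in s}
    lines = ["digraph bgp {", "  rankdir=LR;"]
    for asn in sorted(nodes):
        style = " [style=filled, fillcolor=lightgrey]" if asn in highlight else ""
        lines.append(f'  "AS{asn}"{style};')
    for a in sorted(succ):
        for b in sorted(succ[a]):
            lines.append(f'  "AS{a}" -> "AS{b}";')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    targets = {64512, 64513, 64514, 64515}  # constructed "target" AS set
    print("MOAS:", moas_prefixes(recs))
    print("upstreams:", dict(transit_neighbours(recs, targets)))
    print(to_dot(build_digraph(recs), highlight=targets))
```

On the constructed data the upstream check shows AS64510 as the only path into AS64512 and AS64513, which is the kind of chokepoint the physical and logical layers of the paper's architecture are meant to expose; the MOAS check flags 198.51.100.0/24 so that the conflicting origin is resolved before the prefix is attributed to one owner. Real archives (RouteViews or RIPE RIS MRT files) are converted with `bgpdump -m` before being fed to `parse_records`.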
Keywords
BGP Archive Data Analysis; Cyber Intelligence Preparation of the Battlefield; Cyber IPB; Cyber Situation Awareness; Visualization