http://dx.doi.org/10.7472/jksii.2022.23.5.135

Interactive Visual Analytic Approach for Anomaly Detection in BGP Network Data  

Choi, So-mi (Korea Advanced Institute of Science and Technology)
Kim, Son-yong (Ground Control.Cyber Team, Hanwha Systems)
Lee, Jae-yeon (Ground Control.Cyber Team, Hanwha Systems)
Kauh, Jang-hyuk (Cyber & Network Technology Center, Agency for Defense Development)
Kwon, Koo-hyung (Cyber & Network Technology Center, Agency for Defense Development)
Choo, Jae-gul (Korea Advanced Institute of Science and Technology)
Publication Information
Journal of Internet Computing and Services / v.23, no.5, 2022, pp. 135-143
Abstract
As the world implemented social distancing and telecommuting in response to the spread of COVID-19, dependence on the Internet has grown: real-time streaming sessions that rely on routing protocols have increased with the expansion of video and voice content services and cloud computing. BGP is the most widely used routing protocol, and although many studies continue to improve its security, there is a lack of visual analysis that supports real-time analysis and helps identify misdetections by algorithms. In this paper, we analyze real-world BGP data, classified as normal and abnormal, using an anomaly detection algorithm that combines statistical and post-processing statistical techniques with rule-based techniques. In addition, we present an interactive spatio-temporal analysis approach that intuitively visualizes the algorithm's analysis results using map and Sankey chart-based visualization techniques.
Keywords
Border Gateway Protocol; Anomaly Detection; Interactive Visual Analytic; Spatio-temporal Analysis