The current implementation of the BGP protocol has a variety of vulnerabilities and weaknesses. Monitoring BGP’s behavior is an effective way to improve the security of inter-domain routing. Because routing tables are difficult to obtain from Autonomous Systems, a packet-based model for detecting routing anomalies is presented. The model consists of data collectors, an anomaly detection engine, a routing information database and a result visualization module. A rule-based approach is designed, and the combined use of rules and the routing information database is proved to be effective in improving the accuracy of detection. Experimental results show that the model performs well in detecting various anomalies. The feasibility and validity of the detection approach are demonstrated by a detailed description of the deployment and a performance analysis.