Recent studies have shown that router misconfigurations are common and can have dramatic consequences to the operations of a network. Misconfigurations can compromise the security of an entire network or even cause global disruptions to Internet connectivity. Several solutions have been proposed. They can detect a number of problems in real configuration files. However, these solutions share a common limitation: they are based on rules which need to be known beforehand. Violations of these rules are deemed misconfigurations. As policies typically differ among networks, these approaches are limited in the scope of mistakes they can detect. In this paper, we address the problem of router misconfigurations using data mining. We apply association rules mining to the configuration files of routers across an administrative domain to discover local, network-specific policies. Deviations from these local policies are potential misconfigurations. We have evaluated our scheme on configuration files from a large state-wide network provider, a large university campus and a high-performance research network. In this evaluation, we focused on three aspects of the configurations: user accounts, interfaces and BGP sessions. User accounts specify the users that can access the router and define the authorized commands. Interfaces are the ports used by routers to connect to different networks. Each interface may support a number of services and run various routing protocols. BGP sessions are the connections with neighboring autonomous systems (AS). BGP sessions implement the routing policies which select the routes that are filtered and the ones that are advertised to the BGP neighbors. We included the routing policies in our study. The results are promising. We discovered a number of errors that were confirmed and corrected by the network administrators. These errors would have been difficult to detect with current predefined rule-based approaches.
[1]
Anja Feldmann,et al.
IP network configuration for intradomain traffic engineering
,
2001,
IEEE Netw..
[2]
David A. Maltz,et al.
Routing design in operational networks: a look from the inside
,
2004,
SIGCOMM.
[3]
Albert G. Greenberg,et al.
On static reachability analysis of IP networks
,
2005,
Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..
[4]
Khalid El-Arini,et al.
Bayesian detection of router configuration anomalies
,
2005,
MineNet '05.
[5]
Andy Chou,et al.
Bugs as Inconsistent Behavior: A General Approach to Inferring Errors in Systems Code.
,
2001,
SOSP 2001.
[6]
Nick Feamster,et al.
Detecting BGP configuration faults with static analysis
,
2005
.
[7]
Hiroki Arimura,et al.
LCM ver. 2: Efficient Mining Algorithms for Frequent/Closed/Maximal Itemsets
,
2004,
FIMI.
[8]
Avishai Wool,et al.
A quantitative study of firewall configuration errors
,
2004,
Computer.
[9]
Ratul Mahajan,et al.
Understanding BGP misconfiguration
,
2002,
SIGCOMM 2002.
[10]
Albert G. Greenberg,et al.
The cutting EDGE of IP router configuration
,
2004,
Comput. Commun. Rev..