The BGP routing system is one of the key components of today's Internet infrastructure, responsible for carrying data traffic across different Autonomous Systems (ASes). Recently, malformed BGP messages have become a threat to the operational community, as they repeatedly cause BGP session resets until identified. However, identifying the message itself is often difficult in large ISP networks. In this paper, we propose a novel method for real-time identification of these messages using passively collected BGP messages. Our method focuses on the frequency of observed attributes and values of prefixes advertised by each AS. Based on our heuristic that common attributes are observed at similar time scales, we periodically measure the usage frequency of attributes from BGP messages observed in real time and mark attributes and values used by a minority of ASes as suspicious. We verify the efficiency of our method using BGP data obtained from operational networks.
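The frequency heuristic described above can be sketched as follows. This is an added example, not the authors' implementation: the record layout, the 300-second window, the 10% threshold, the restriction of value tracking to ORIGIN, and attribute code 99 are all assumptions made for illustration.

```python
from collections import defaultdict

WINDOW = 300         # measurement period in seconds (assumed)
MIN_AS_SHARE = 0.10  # share of ASes below which usage is "minority" (assumed)
VALUE_TYPES = {1}    # track values only for ORIGIN (type 1); assumed choice,
                     # since per-AS attributes like AS_PATH are always unique

def suspicious_by_window(updates, window=WINDOW, min_share=MIN_AS_SHARE):
    """Map each window start to the set of attribute/value keys that only a
    minority of the ASes seen in that window used.

    updates: iterable of (timestamp, origin_as, {attr_type: value}).
    Keys are ("attr", type) or ("value", type, value).
    """
    users = defaultdict(lambda: defaultdict(set))  # window -> key -> ASes
    seen = defaultdict(set)                        # window -> all ASes seen
    for ts, asn, attrs in updates:
        w = ts - ts % window
        seen[w].add(asn)
        for atype, value in attrs.items():
            users[w][("attr", atype)].add(asn)
            if atype in VALUE_TYPES:
                users[w][("value", atype, value)].add(asn)
    return {w: {k for k, ases in keys.items()
                if len(ases) / len(seen[w]) < min_share}
            for w, keys in users.items()}

def sample_updates():
    """Constructed sample: 12 documentation ASNs; type 99 is an arbitrary
    code standing in for a rarely used attribute."""
    ases = range(64496, 64508)
    ups = [(10 + i, a, {1: "IGP"}) for i, a in enumerate(ases)]
    ups.append((40, 64507, {1: "IGP", 99: "00"}))       # one AS only
    ups += [(310 + i, a, {1: "IGP"}) for i, a in enumerate(ases)]
    ups += [(350, a, {1: "IGP", 99: "00"}) for a in (64505, 64506, 64507)]
    return ups

if __name__ == "__main__":
    for start, keys in sorted(suspicious_by_window(sample_updates()).items()):
        print(start, sorted(keys))
```

In the first window the attribute is used by one of twelve ASes and is marked; in the second, three ASes use it and it falls above the threshold, which is why the measurement is repeated per period.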