Visual-based anomaly detection for BGP origin AS change (OASC) events

Soon Tee Teoh; Kwan-Liu Ma; S. Felix Wu; Dan Massey; Xiao Liang Zhao; Dan Pei; Lan Wang; Lixia Zhang; Randy Bush

Visual-based anomaly detection for BGP origin AS change (OASC) events

Soon Tee Teoh, Kwan-Liu Ma, S. Felix Wu, Dan Massey, Xiao Liang Zhao, Dan Pei, Lan Wang, Lixia Zhang, Randy Bush

Computer Science

Research output: Contribution to journal › Article › peer-review

13 Scopus citations

Abstract

To complement machine intelligence in anomaly event analysis and correlation, in this paper, we investigate the possibility of a human-interactive visual-based anomaly detection system for faults and security attacks related to the BGP (Border Gateway Protocol) routing protocol. In particular, we have built and tested a program, based on fairly simple information visualization techniques, to navigate interactively real-life BGP OASC (Origin AS Change) events. Our initial experience demonstrates that the integration of mechanical analysis and human intelligence can effectively improve the performance of anomaly detection and alert correlation. Furthermore, while a traditional representation of OASC events provides either little or no valuable information, our program can accurately identify, correlate previously unknown BGP/OASC problems, and provide network operators with a valuable high-level abstraction about the dynamics of BGP.

Original language	English (US)
Pages (from-to)	155-168
Number of pages	14
Journal	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	2867
State	Published - Dec 1 2003

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Cite this

Visual-based anomaly detection for BGP origin AS change (OASC) events. / Teoh, Soon Tee; Ma, Kwan-Liu; Wu, S. Felix; Massey, Dan; Zhao, Xiao Liang; Pei, Dan; Wang, Lan; Zhang, Lixia; Bush, Randy.

In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 2867, 01.12.2003, p. 155-168.

Research output: Contribution to journal › Article › peer-review

Teoh, Soon Tee ; Ma, Kwan-Liu ; Wu, S. Felix ; Massey, Dan ; Zhao, Xiao Liang ; Pei, Dan ; Wang, Lan ; Zhang, Lixia ; Bush, Randy. / Visual-based anomaly detection for BGP origin AS change (OASC) events. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2003 ; Vol. 2867. pp. 155-168.

@article{218162d0b4d44998a964da050c000adf,

title = "Visual-based anomaly detection for BGP origin AS change (OASC) events",

abstract = "To complement machine intelligence in anomaly event analysis and correlation, in this paper, we investigate the possibility of a human-interactive visual-based anomaly detection system for faults and security attacks related to the BGP (Border Gateway Protocol) routing protocol. In particular, we have built and tested a program, based on fairly simple information visualization techniques, to navigate interactively real-life BGP OASC (Origin AS Change) events. Our initial experience demonstrates that the integration of mechanical analysis and human intelligence can effectively improve the performance of anomaly detection and alert correlation. Furthermore, while a traditional representation of OASC events provides either little or no valuable information, our program can accurately identify, correlate previously unknown BGP/OASC problems, and provide network operators with a valuable high-level abstraction about the dynamics of BGP.",

author = "Teoh, {Soon Tee} and Kwan-Liu Ma and Wu, {S. Felix} and Dan Massey and Zhao, {Xiao Liang} and Dan Pei and Lan Wang and Lixia Zhang and Randy Bush",

year = "2003",

month = dec,

day = "1",

language = "English (US)",

volume = "2867",

pages = "155--168",

journal = "Lecture Notes in Computer Science",

issn = "0302-9743",

publisher = "Springer Verlag",

}

TY - JOUR

T1 - Visual-based anomaly detection for BGP origin AS change (OASC) events

AU - Teoh, Soon Tee

AU - Ma, Kwan-Liu

AU - Wu, S. Felix

AU - Massey, Dan

AU - Zhao, Xiao Liang

AU - Pei, Dan

AU - Wang, Lan

AU - Zhang, Lixia

AU - Bush, Randy

PY - 2003/12/1

Y1 - 2003/12/1

N2 - To complement machine intelligence in anomaly event analysis and correlation, in this paper, we investigate the possibility of a human-interactive visual-based anomaly detection system for faults and security attacks related to the BGP (Border Gateway Protocol) routing protocol. In particular, we have built and tested a program, based on fairly simple information visualization techniques, to navigate interactively real-life BGP OASC (Origin AS Change) events. Our initial experience demonstrates that the integration of mechanical analysis and human intelligence can effectively improve the performance of anomaly detection and alert correlation. Furthermore, while a traditional representation of OASC events provides either little or no valuable information, our program can accurately identify, correlate previously unknown BGP/OASC problems, and provide network operators with a valuable high-level abstraction about the dynamics of BGP.

AB - To complement machine intelligence in anomaly event analysis and correlation, in this paper, we investigate the possibility of a human-interactive visual-based anomaly detection system for faults and security attacks related to the BGP (Border Gateway Protocol) routing protocol. In particular, we have built and tested a program, based on fairly simple information visualization techniques, to navigate interactively real-life BGP OASC (Origin AS Change) events. Our initial experience demonstrates that the integration of mechanical analysis and human intelligence can effectively improve the performance of anomaly detection and alert correlation. Furthermore, while a traditional representation of OASC events provides either little or no valuable information, our program can accurately identify, correlate previously unknown BGP/OASC problems, and provide network operators with a valuable high-level abstraction about the dynamics of BGP.

UR - http://www.scopus.com/inward/record.url?scp=0242339692&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0242339692&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:0242339692

VL - 2867

SP - 155

EP - 168

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

SN - 0302-9743

ER -

Visual-based anomaly detection for BGP origin AS change (OASC) events

Abstract

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this