bgp lens patterns and anomalies in internet routing
play

BGP-lens: Patterns and Anomalies in Internet Routing Updates B. - PowerPoint PPT Presentation

Sep 13, 2022 •537 likes •755 views

BGP-lens: Patterns and Anomalies in Internet Routing Updates B. Aditya Prakash, Nicholas Valler, David Andersen, Michalis Faloutsos, Christos Faloutsos, SIGKDD09 Presented by: Jian Wen Whats Happening in BGP? Routing

  1. BGP-lens: Patterns and Anomalies in Internet Routing Updates B. Aditya Prakash, Nicholas Valler, David Andersen, Michalis Faloutsos, Christos Faloutsos, SIGKDD’09 Presented by: Jian Wen �

  2. What’s Happening in BGP?  Routing information in a BGP network is updated frequently.  Why? Link/node failure, router maintenance, misconfigure.  From these updates:  What is the normal pattern?  What does the anomalies look like (Route Flapping, Hijacking)?

  3. Anomalies

  4. Problem Definition  Given: BGP updates.  Problem: Find patterns and anomalies.  Out Approach: BGP-lens!

  5. Existing Work/Solutions  Network: BGP measurement and analysis  Canonical measurement and models for BGP anomalies and instability behaviors. Not really handy.  Detect network-wide BGP anomalies. Not for fine granularity.  Visualization and statistic methods. Data Mining?

  6. BGP-lens  A novel tool for automatically detecting patterns and anomalies in BGP updates at many different scales of observation.  Effective: Can detect both temporal and frequency anomalies.  Scalable: The algorithms are linear on the number of time-ticks and thus it can handle large datasets.  Admin-friendly: It can work with zero user input; automotive detection.

  7. Roadmap  Tool Components and Observations in BGP-lens  The Clothesline Effect - Temporal Analysis  The Tornado Plots - Frequency Analysis  Automating Discovery  Scalability  User-interface: BGP-lens as an administrative tool  BGP-lens at work

  8. Temporal Analysis: Clothesline  Linear-linear plots fail to show short duration spurts.  Threshold method cannot deal with the huge variations.  FFT cannot work here due to the burstiness of the updates.

  9. Temporal Analysis: Clothesline  Instead of using linear-linear plots, we use log-linear plots.  No striking outliers any more;  The “bin size”, or the window size for the measurement, now means a lot: clothesline!  Clothesline: a periodic update stream over a prolonged time period (so it may be Route Flapping).

  10. Catch the Clothesline: Marginals  Outliers in the “marginal” distribution usually correspond to clotheslines.  Marginal distribution plot  Log-log scale;  PDF of Occurrence count on Number of updates

  11. Frequency Analysis: Tornado  Due to the self-similar nature of the data, Fourier Transformation doesn’t work well for our purpose.  Discrete Wavelet Transform and scalogram.  Observations. Pronounced spikes correspond to  “tornadoes” that touch down. Darker tornado => Larger spike.  Non-touch-down tornado =>  Prolonged spike.

  12. Real “Tornados”  E1: A huge touch-down spike (one hour’ prefix hijacking).  E2: A dark non-touch- down spike (eight hours’ sustained update activities).

  13. Automating the Discovery Clotheslines Find longest time interval for outliers. Get marginal plot, find outliers.

  14. Automating the Discovery Clotheslines  For each time bin size b=2 i , derive the corresponding marginal plots.  Multiple plots corresponding to different i value.  For each marginal plot use the median filtering approach to determine “outliers”.  Median Filter Approach: reduce the noise and pick the median for output.  For each outliers found, find the longest time-interval from the corresponding clothesline plot.  For each time interval found, report the most consistent IPs or ASes etc.

  15. Automating the Discovery Prolonged Spike (Tornadoes)  Require two inputs: sensitivity and duration  Sensitivity: the percentage of the DWT coefficients to be considered, which refers to the strength of the spike (recall: larger coefficient -> darker scale cell -> larger spike).  Duration: the time threshold for the spike’s duration.  BGP-lens provides the default input of these two parameters.  Only consider wavelet coefficients within 60% of the maximum with duration at least 2 len-8+1

  16. Scalability of BGP-lens  Top-5 anomalies.  Two AMD Opteron dual-core 2.4GHz, 48G Mem, Fedora 5  Data size: > 18 million updates for two years.

  17. User Interface  Install and run! No more configuration!  Beginner/ Expert Mode

  18. BGP-lens on Duty: Clotheslines

  19. BGP-lens on Duty: Prolonged Spikes

  20. Summary  BGP-lens: handy tools for administrators to monitor BGP updates.  Efficient, scalable, and admin-friendly.  Support anomalies detection on both updates bursts and prolonged spikes.  The paper also covers some interesting observations:  Marginals that are mixture of log-normals with a power-law tail.  Self-similarity of BGP updates data corresponding to a 75-25 b- model slope.

  21. Future Work  On-line Monitoring Tool?  Incremental algorithms.  Arbitrary time instance and duration.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Routing in 2014 Geoff Huston APNIC Looking through the Routing Lens Looking through the

Routing in 2014 Geoff Huston APNIC Looking through the Routing Lens Looking through the

Routing in 2014 Geoff Huston APNIC Looking through the Routing Lens Looking through the Routing Lens There are very few ways to collect a view of the en2re Internet all at once

788 views • 65 slides
Internet routing is based on routing protocols that collect the input data No off-line route

Internet routing is based on routing protocols that collect the input data No off-line route

Introduction to Routing in Internet Internet basics IPv4 and ICMP Internet Addressing ARP - Address Resolution Protocol Routing Information (Distance Vector ) Protocol Principles 3-1 S-38.121 S-02 Rka, NB Internet routing is based on

214 views • 18 slides
Introduction to routing in the Internet Ethernet, switching vs. routing Internet architecture

Introduction to routing in the Internet Ethernet, switching vs. routing Internet architecture

Introduction to routing in the Internet Ethernet, switching vs. routing Internet architecture Addressing, routing principles Protocols: IPv4, ICMP, ARP (Chapters 23 in Huitema) Internet-1 S-38.2121 / Fall-07 / RKa, NB Ethernet Most

635 views • 26 slides
CS 557 Routing Measurements End to End Routing Behavior in the Internet Vern Paxson, 1996

CS 557 Routing Measurements End to End Routing Behavior in the Internet Vern Paxson, 1996

CS 557 Routing Measurements End to End Routing Behavior in the Internet Vern Paxson, 1996 Internet Routing Instability Labovitz, Malan, Jahanian, 1997 Spring 2013 End to End Routing Behavior Objective: Understand the actual behavior of

595 views • 22 slides
Internet Protocol: Routing Algorithms Internet Protocol: Routing Algorithms Srinidhi Varadarajan

Internet Protocol: Routing Algorithms Internet Protocol: Routing Algorithms Srinidhi Varadarajan

Internet Protocol: Routing Algorithms Internet Protocol: Routing Algorithms Srinidhi Varadarajan Routing Routing Rout ing prot ocol 5 Goal: det ermine good pat h (sequence of rout ers) t hru 3 B C net work f rom source t o dest .

636 views • 40 slides
Patterns and Anomalies Christos Faloutsos CMU CMU SCS Thank you The Department of

Patterns and Anomalies Christos Faloutsos CMU CMU SCS Thank you The Department of

CMU SCS Mining Large Social Networks: Patterns and Anomalies Christos Faloutsos CMU CMU SCS Thank you The Department of Informatics Happy 20-th! Prof. Yannis Manolopoulos Prof. Kostas Tsichlas Mrs. Nina Daltsidou AUTH, May

743 views • 55 slides
Routing Jeff Chase Duke University IP Routing From Click IP Routing From Click Internet Map

Routing Jeff Chase Duke University IP Routing From Click IP Routing From Click Internet Map

Routing Jeff Chase Duke University IP Routing From Click IP Routing From Click Internet Map The Internet From CAIDA IP Address Allocation Originally (classful addrs), 4 address classes A: 0 | 7 bit network | 24 bit

573 views • 21 slides
Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Jobtalk Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton University Based on work with: Based on work with: Boaz Barak, Shai Halevi, Aaron Jaggard, Vijay Ramachandran, Jennifer Rexford, Eran

1.12k views • 42 slides
10/20/08 Today P561: Network Systems Internet routing (BGP) Week 4: Internetworking II

10/20/08 Today P561: Network Systems Internet routing (BGP) Week 4: Internetworking II

10/20/08 Today P561: Network Systems Internet routing (BGP) Week 4: Internetworking II Tunneling and MPLS Wireless routing Wireless handoffs Tom Anderson Ratul Mahajan TA: Colin Dixon 2 Internet today Key goals for Internet routing

488 views • 11 slides
End-to-End Routing Behavior in the Internet in the Internet

End-to-End Routing Behavior in the Internet in the Internet

End-to-End Routing Behavior in the Internet in the Internet Objective Understand the large-scale behavior of routing in the

533 views • 25 slides
End-to-end principle All control in end stations by Dave Clark e.g. error and flow

End-to-end principle All control in end stations by Dave Clark e.g. error and flow

Introduction to routing in the Internet Internet architecture IPv4, ICMP, ARP Addressing, routing principles (Chapters 23 in Huitema) Internet-1 S-38.121 / Fall-04 / RKa, NB Internet Architecture Principles End-to-end principle All

893 views • 21 slides
Towards internet of code ukasz Dbek May 27, 2015 This was supposed to be about lens library!

Towards internet of code ukasz Dbek May 27, 2015 This was supposed to be about lens library!

Towards internet of code ukasz Dbek May 27, 2015 This was supposed to be about lens library! Yes, but... This was supposed to be about lens library! Why internet is awesome? Because every device connected to it speaks the same language.

891 views • 64 slides
BIRD Internet Routing Daemon Ond rej Zaj cek CZ.NIC z.s.p.o. RIPE 66 BIRD overview

BIRD Internet Routing Daemon Ond rej Zaj cek CZ.NIC z.s.p.o. RIPE 66 BIRD overview

BIRD Internet Routing Daemon Ond rej Zaj cek CZ.NIC z.s.p.o. RIPE 66 BIRD overview BIRD Internet Routing Daemon Routing protocols BGP, OSPF and RIP IPv4 and IPv6 support Linux and BSD kernel support Free and open

241 views • 13 slides
Network Layer: Control Plane Part II Routing in the Internet: Intra vs. Inter-AS Routing

Network Layer: Control Plane Part II Routing in the Internet: Intra vs. Inter-AS Routing

Network Layer: Control Plane Part II Routing in the Internet: Intra vs. Inter-AS Routing Intra-AS: RIP and OSPF (quick recap) Inter-AS: BGP and Policy Routing Internet Control Message Protocol: ICMP network management

888 views • 61 slides
Internet Routing Dr. Miled M. Tezeghdanti May 8, 2012 Dr. Miled M. Tezeghdanti () Internet

Internet Routing Dr. Miled M. Tezeghdanti May 8, 2012 Dr. Miled M. Tezeghdanti () Internet

Internet Routing Dr. Miled M. Tezeghdanti May 8, 2012 Dr. Miled M. Tezeghdanti () Internet Routing May 8, 2012 1 / 71 Introduction Networks may be interconnected using Repeaters Work at the Physical layer Bridges Work at the Data-Link

997 views • 84 slides
Detecting routing anomalies using RIPE Atlas Todor Yakimov Graduate School of Informatics

Detecting routing anomalies using RIPE Atlas Todor Yakimov Graduate School of Informatics

Detecting routing anomalies using RIPE Atlas Todor Yakimov Graduate School of Informatics University of Amsterdam Wednesday, February 5, 2014 Todor Yakimov (UvA) Detecting routing anomalies using RIPE Atlas Wednesday, February 5, 2014 1 / 17

723 views • 17 slides
Large Scale Copper Exploration in Zambia www.arcminerals.com FEBRUARY 2020 Di Disc

Large Scale Copper Exploration in Zambia www.arcminerals.com FEBRUARY 2020 Di Disc

Large Scale Copper Exploration in Zambia www.arcminerals.com FEBRUARY 2020 Di Disc sclaimer er The information contained in these slides and this presentation is being supplied to you by ARC confidential the information contained in

245 views • 21 slides
Anomalous event detection from surveillance video Aggelos K. Katsaggelos Professor Joseph

Anomalous event detection from surveillance video Aggelos K. Katsaggelos Professor Joseph

Anomalous event detection from surveillance video Aggelos K. Katsaggelos Professor Joseph Cummings Chair Northwestern University Department of EECS Department of Linguistics NorthSide University Hospital System Argonne National Laboratory

478 views • 28 slides
is embracing AI and Machine Learning Dean Clayton, SMAX Product Manager Max, SMAX Virtual Agent

is embracing AI and Machine Learning Dean Clayton, SMAX Product Manager Max, SMAX Virtual Agent

Why Service Management is embracing AI and Machine Learning Dean Clayton, SMAX Product Manager Max, SMAX Virtual Agent 13 August 2019 The Face of AI OR Agenda Principles of AI and Machine Learning Research - Automation, AI, and Analytics:

445 views • 26 slides
Presentation and Summary Paper How to ISMLL Eya Boumaiza Eya Boumaiza, ISMLL Hildesheim,

Presentation and Summary Paper How to ISMLL Eya Boumaiza Eya Boumaiza, ISMLL Hildesheim,

Presentation and Summary Paper How to Presentation and Summary Paper How to ISMLL Eya Boumaiza Eya Boumaiza, ISMLL Hildesheim, October 2019 1 / 30 Presentation and Summary Paper How to Outline Presentation How To Generic Recommendation for

778 views • 30 slides
Outlook of Summer Rainfall Anomaly in Asia with Outlook of Summer Rainfall Anomaly in Asia with

Outlook of Summer Rainfall Anomaly in Asia with Outlook of Summer Rainfall Anomaly in Asia with

Sixteenth Session of the Forum on Regional Climate Monitoring, Assessment and Prediction for Asia (FOCRAII), May 7, 2020 ( ), y , Outlook of Summer Rainfall Anomaly in Asia with Outlook of Summer Rainfall Anomaly in Asia with SMART-based

457 views • 16 slides
S9385 AI-Based Anomaly Detections and Threat Forecasting for Unified Communications Networks

S9385 AI-Based Anomaly Detections and Threat Forecasting for Unified Communications Networks

S9385 AI-Based Anomaly Detections and Threat Forecasting for Unified Communications Networks Kevin Riley CTO, Ribbon Tim Thornton - Director Software Engineering, Ribbon About Ribbon Ribbon is a global leader in secure real-time

474 views • 31 slides
Alpha Presentation Transaction Anomaly Detection The Capstone Experience Team MSUFCU Andrew

Alpha Presentation Transaction Anomaly Detection The Capstone Experience Team MSUFCU Andrew

Alpha Presentation Transaction Anomaly Detection The Capstone Experience Team MSUFCU Andrew Schmidt Caleb Sherman Paul Soma Jiaming Xu Austin Roberts Department of Computer Science and Engineering Michigan State University From

218 views • 9 slides
Harnessing Carletons Forgotten Data: Energy Analytics for Improved Campus Sustainability

Harnessing Carletons Forgotten Data: Energy Analytics for Improved Campus Sustainability

Harnessing Carletons Forgotten Data: Energy Analytics for Improved Campus Sustainability Hannah Barnstone, Ethan Cassel-Mace, Alex Davis, Eva Grench, Miaoye Que, and Chris Tordi What is Energy Analytics? Data-driven tools to help

758 views • 52 slides

More recommend