The BGP Visibility Toolkit: Detecting Anomalous Internet Routing Behavior
Andra Lutu, Marcelo Bagnulo, Cristel Pelsser, Olaf Maennel and Jesús Cid-Sueiro
Abstract
In this paper, we propose the BGP Visibility Toolkit, a system for detecting and analyzing anomalous behavior in the Internet. We show that interdomain prefix visibility can be used to single out cases of erroneous demeanors resulting from misconfiguration or bogus routing policies. The implementation of routing policies with BGP is a complicated process, involving fine-tuning operations and interactions with the policies of the other active ASes. Network operators might end up with faulty configurations or unintended routing policies that prevent the success of their strategies and impact their revenues. As part of the Visibility Toolkit, we propose the BGP Visibility Scanner, a tool which identifies limited visibility prefixes in the Internet. The tool enables operators to provide feedback on the expected visibility status of prefixes. We build a unique set of ground-truth prefixes qualified by their ASes as intended or unintended to have limited visibility. Using a machine learning algorithm, we train on this unique dataset an alarm system that separates with 95% accuracy the prefixes with unintended limited visibility. Hence, we find that visibility features are generally powerful to detect prefixes which are suffering from inadvertent effects of routing policies. Limited visibility could render a whole prefix globally unreachable. This points towards a serious problem, as limited reachability of a non-negligible set of prefixes undermines the global connectivity of the Internet. We thus verify the correlation between global visibility and global connectivity of prefixes.
Publication Details
- Publication Type: Journal Article
- Publication Date: April 2015
- Published In: IEEE/ACM Transactions on Networking
- Volume & Issue: Vol. 24, No. 2
- Pages: 1237–1250
- Publisher: IEEE
- Digital Object Identifier (DOI): 10.1109/TNET.2015.2413838
Suggested citation
Andra Lutu, Marcelo Bagnulo, Cristel Pelsser, Olaf Maennel, and Jesús Cid-Sueiro. 2015. The BGP Visibility Toolkit: Detecting Anomalous Internet Routing Behavior. IEEE/ACM Transactions on Networking 24, 2 (Apr. 2015), 1237–1250. https://doi.org/10.1109/TNET.2015.2413838
BibTeX Citation
@article{Lutu2016,
title = {The BGP Visibility Toolkit: Detecting Anomalous Internet Routing Behavior},
author = {Andra Lutu and Marcelo Bagnulo and Cristel Pelsser and Olaf Maennel and Jes{\'{u}}s Cid{-}Sueiro},
year = 2015,
month = apr,
journal = {IEEE/ACM Transactions on Networking},
publisher = {IEEE},
volume = 24,
number = 2,
pages = {1237--1250},
doi = {10.1109/TNET.2015.2413838},
issn = {1558-2566},
abstract = {In this paper, we propose the BGP Visibility Toolkit, a system for detecting and analyzing anomalous behavior in the Internet. We show that interdomain prefix visibility can be used to single out cases of erroneous demeanors resulting from misconfiguration or bogus routing policies. The implementation of routing policies with BGP is a complicated process, involving fine-tuning operations and interactions with the policies of the other active ASes. Network operators might end up with faulty configurations or unintended routing policies that prevent the success of their strategies and impact their revenues. As part of the Visibility Toolkit, we propose the BGP Visibility Scanner, a tool which identifies limited visibility prefixes in the Internet. The tool enables operators to provide feedback on the expected visibility status of prefixes. We build a unique set of ground-truth prefixes qualified by their ASes as intended or unintended to have limited visibility. Using a machine learning algorithm, we train on this unique dataset an alarm system that separates with 95% accuracy the prefixes with unintended limited visibility. Hence, we find that visibility features are generally powerful to detect prefixes which are suffering from inadvertent effects of routing policies. Limited visibility could render a whole prefix globally unreachable. This points towards a serious problem, as limited reachability of a non-negligible set of prefixes undermines the global connectivity of the Internet. We thus verify the correlation between global visibility and global connectivity of prefixes.},
bibsource = {dblp computer science bibliography, https://dblp.org},
biburl = {https://dblp.org/rec/journals/ton/LutuBPMC16.bib},
file = {:https\://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7091956:PDF},
groups = {International Journals and Magazines},
issue = 2,
keywords = {Routing, Internet, Monitoring, Feeds, Machine learning algorithms, Communities, Writing, Anomaly detection, BGP, Internet measurement, machine assembly},
numpages = 14
}
Related publications
The Aftermath of Prefix Deaggregation
Andra Lutu, Cristel Pelsser, Marcelo Bagnulo, et al.
Proceedings of the 2013 25th International Teletraffic Congress (ITC), 2013
Route Flap Damping Made Usable
Cristel Pelsser, Olaf Maennel, Pradosh Mohapatra, et al.
Passive and Active Measurement - 12th International Conference, PAM 2011, 2011
Leveraging Inter-domain Stability for BGP Dynamics Analysis
Thomas Green, Anthony Lambert, Cristel Pelsser, et al.
Passive and Active Measurement - 19th International Conference, PAM 2018, 2018
Leveraging interdomain stability for squeezed and juicy BGP dynamics
Thomas Green, Anthony Lambert, Dario Rossi, et al.
7th PhD school on Traffic Monitoring and Analysis (TMA), 2017