^ Top

NANOG Meeting Presentation Abstract

A Comparative Analysis of BGP Anomaly Detection and Robustness Algorithms
Meeting: NANOG45
Date / Time: 2009-01-28 11:30am - 12:00pm
Room: La Fiesta Theater
Presenters: Speakers:

Kotikapaludi Sriram, NIST

Kotikalapudi Sriram received the B.S. and M.S. degrees from the Indian Institute of Technology in Kanpur, India, and a Ph.D. degree from Syracuse University, all in electrical engineering. He is currently a Senior Researcher in the Advanced Networking Technologies Division, National Institute of Standards and Technology (NIST), Gaithersburg, MD. Previously, he held various positions at Bell Laboratories - the innovations arm of Alcatel-Lucent and formerly that of AT&T. His titles at Bell Laboratories included Consulting Member of Technical Staff (approximately top 1% of engineers in 2001) and Distinguished Member of Technical Staff. His current research interests include Inter-domain Routing architecture and security, and seamless mobility in wireless access networks. He is a contributing author and a coeditor of Cable Modems: Current Technologies and Applications (IEEE Press, 1999). He holds 17 U.S. patents. He is a Fellow of the IEEE.
Patrick Gleichmann, NIST.
Doug Montgomery, NIST.
Okee Kim, NIST.
Oliver Borchert, NIST.
Abstract: We present an evaluation methodology for comparison of existing and proposed new algorithms for Border Gateway Protocol (BGP) anomaly detection and robustness. A variety of algorithms and alert tools have been proposed and/or prototyped recently. They differ in the anomaly situations which they attempt to alert or mitigate, and also in the type(s) of data they use. Some are based on registry data from Regional Internet Registries (RIRs) and Internet Routing Registries (IRRs), e.g., the Nemecis tool. Others such as the Prefix Hijack Alert System (PHAS) and the Pretty Good BGP (PGBGP) are driven by BGP trace data. The trace data is obtained from RIPE-RIS, Routeviews, or a BGP speaker where the algorithm operates. We propose a new algorithm that combines the use of both registry and trace data, and also makes some key improvements over existing algorithms. We have built an evaluation platform called TERRAIN (Testing and Evaluation of Routing Robustness in Assurable Inter-domain Networking) on which these algorithms can be tested and empirically compared based on real and/or synthetic anomalies in BGP messages. We will present a variety of results providing interesting insights into the comparative utility and performance of the various BGP robustness algorithms. Our objective is to share these early insights and invite feedback from the community to refine the TERRAIN evaluation framework and direct future analysis.
Files: youtubeA Comparative Analysis of BGP Anomaly Detection and Robustness Algorithms
pdfSriram BGP Robust N45(PDF)
Sponsors: None.

Back to NANOG45 agenda.

NANOG45 Abstracts

  • Introduction to LISP
    Speakers:
    David Meyer, Cisco Systems/University of Oregon; Dino Farinacci, Cisco Systems;
  • Introduction to LISP
    Speakers:
    David Meyer, Cisco Systems/University of Oregon; Dino Farinacci, Cisco Systems;
  • Welcome Party
    Speakers:
    Sponsor Dominican Government, through the Dominican Republic, Export & Investment Center (CEI-RD)None; .
  • DNSSEC
    Speakers:
    Kevin Oberman, ESnet; Chris Griffiths, Comcast Cable;
  • DNSSEC
    Speakers:
    Kevin Oberman, ESnet; Chris Griffiths, Comcast Cable;
  • Peering 101
    Speakers:
    Kevin Oberman, ESnet; William B. Norton, InterStream;
  • Peering 101
    Speakers:
    Kevin Oberman, ESnet; William B. Norton, InterStream;
  • ISP Security
    Speakers:
    Eric JacksonArbor Networks; .
    Warren Kumari, Google;
  • ISP Security
    Speakers:
    Eric JacksonArbor Networks; .
    Warren Kumari, Google;
  • 4-byte ASNs
    Speakers:
    Greg Hankins, Force10 Networks; Chris MalayterSwitch and Data; .
  • 4-byte ASNs
    Speakers:
    Greg Hankins, Force10 Networks; Chris MalayterSwitch and Data; .
  • Peering
    Speakers:
    Aaron Hughes, Cariden Technologies, LMCO, UnitedLayer;

 

^ Back to Top