Bigfoot: A geo-based visualization methodology for detecting BGP threats
Author: | Meenakshi Syamkumar, Paul Barford, Ramakrishnan Durairajan |
---|---|
Publication year: | 2016 |
Subject: | Ground truth; Computer science; Networking & telecommunications; Software engineering; Engineering and technology; Visualization; Footprint; Geolocation; Data visualization; Border Gateway Protocol; Electrical engineering, electronic engineering, information engineering; The Internet; Data mining; Routing (electronic design automation) |
Source: | VizSEC |
DOI: | 10.1109/vizsec.2016.7739583 |
Description: | Studies of inter-domain routing in the Internet have highlighted the complex and dynamic nature of connectivity changes that take place daily on a global scale. The ability to assess and identify normal, malicious, irregular and unexpected behaviors in routing update streams is important in daily network and security operations. In this paper we describe Bigfoot, a Border Gateway Protocol (BGP) update visualization system that has been designed to highlight and assess a wide variety of behaviors in update streams. At the core of Bigfoot is the notion of visualizing the announcements of network prefixes via IP geolocation. We investigate different representations of polygons for network footprints and show how straightforward application of IP geolocation can lead to representations that are difficult to interpret. Bigfoot includes techniques to filter, organize, analyze and visualize BGP updates that enable characteristics and behaviors of interest to be identified effectively. To demonstrate Bigfoot's capabilities, we consider 1.79B BGP updates collected over a period of one year and identify 139 candidate events in this data. We investigate a subset of these events in detail, along with ground truth from existing literature to show how network footprint visualizations can be used in operational deployments. |
Database: | OpenAIRE |