Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).
NIST Authors in Bold
|Author(s):||Kotikalapudi Sriram; Oliver Borchert; Patrick Gleichmann; Douglas C. Montgomery;|
|Title:||A Comparative Analysis of BGP Anomaly Detection and Robustness Algorithms|
|Published:||January 28, 2009|
|Abstract:||We present an evaluation methodology for comparison of existing and proposed new algorithms for Border Gateway Protocol (BGP) anomaly detection and robustness. A variety of algorithms and alert tools have been proposed and/or prototyped recently. They differ in the anomaly situations which they attempt to alert or mitigate, and also in the type(s) of data they use. Some are based on registry data from Regional Internet Registries (RIRs) and Internet Routing Registries (IRRs) an example is the Nemecis tool. Others such as the Prefix Hijack Alert System (PHAS) and the Pretty Good BGP (PGBGP) are driven by BGP trace data. The trace data is obtained from Reseaux Internet Protocol Europeens - Routing Information Service (RIPE-RIS), Routeviews, or a BGP speaker where the algorithm operates. We propose a new algorithm that combines the use of both registry and trace data, and also makes some key improvements overexisting algorithms. We have built an evaluation platform called TERRAIN (Testing and Evaluation of Routing Robustness in Assurable Inter-domain Networking) on which these algorithms can be tested and empirically compared based on real and/or synthetic anomalies in BGP messages. We will present a variety of results providing interesting insights into the comparative utility and performance of the various BGP robustness algorithms. Our objective is to share these early insights and invite feedback from the community to refine the TERRAIN evaluation framework and direct future analysis.|
|Proceedings:||Cybersecurity Applications and Technologies Conference for Homeland Security (CATCH)|
|Dates:||March 3-4, 2009|
|Keywords:||Border Gateway Protocol (BGP, BGP Security, BGP Robustness Algorithms, Regitry Analysis, Prefix Hijack, False Origin Attack.|
|Research Areas:||Information Technology|
|PDF version:||Click here to retrieve PDF version of paper (930KB)|