Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

A Comparative Analysis of BGP Anomaly Detection and Robustness Algorithms

Published

Author(s)

Kotikalapudi Sriram, Oliver Borchert, Patrick Gleichmann, Douglas C. Montgomery

Abstract

We present an evaluation methodology for comparison of existing and proposed new algorithms for Border Gateway Protocol (BGP) anomaly detection and robustness. A variety of algorithms and alert tools have been proposed and/or prototyped recently. They differ in the anomaly situations which they attempt to alert or mitigate, and also in the type(s) of data they use. Some are based on registry data from Regional Internet Registries (RIRs) and Internet Routing Registries (IRRs) an example is the Nemecis tool. Others such as the Prefix Hijack Alert System (PHAS) and the Pretty Good BGP (PGBGP) are driven by BGP trace data. The trace data is obtained from Reseaux Internet Protocol Europeens - Routing Information Service (RIPE-RIS), Routeviews, or a BGP speaker where the algorithm operates. We propose a new algorithm that combines the use of both registry and trace data, and also makes some key improvements overexisting algorithms. We have built an evaluation platform called TERRAIN (Testing and Evaluation of Routing Robustness in Assurable Inter-domain Networking) on which these algorithms can be tested and empirically compared based on real and/or synthetic anomalies in BGP messages. We will present a variety of results providing interesting insights into the comparative utility and performance of the various BGP robustness algorithms. Our objective is to share these early insights and invite feedback from the community to refine the TERRAIN evaluation framework and direct future analysis.
Proceedings Title
Cybersecurity Applications and Technologies Conference for Homeland Security (CATCH)
Conference Dates
March 3-4, 2009
Conference Location
Washington, DC

Keywords

Border Gateway Protocol (BGP, BGP Security, BGP Robustness Algorithms, Regitry Analysis, Prefix Hijack, False Origin Attack.

Citation

Sriram, K. , Borchert, O. , Gleichmann, P. and Montgomery, D. (2009), A Comparative Analysis of BGP Anomaly Detection and Robustness Algorithms, Cybersecurity Applications and Technologies Conference for Homeland Security (CATCH), Washington, DC, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=900892 (Accessed March 29, 2024)
Created January 28, 2009, Updated February 19, 2017