Visual-Based Anomaly Detection for BGP Origin AS Change (OASC) Events Export

@incollection{citeulike:2072143, abstract = {To complement machine intelligence in anomaly event analysis and correlation, in this paper, we investigate the possibility of a human-interactive visual-based anomaly detection system for faults and security attacks related to the BGP (Border Gateway Protocol) routing protocol. In particular, we have built and tested a program, based on fairly simple information visualization techniques, to navigate interactively real-life BGP OASC (Origin AS Change) events. Our initial experience demonstrates that the integration of mechanical analysis and human intelligence can effectively improve the performance of anomaly detection and alert correlation. Furthermore, while a traditional representation of OASC events provides either little or no valuable information, our program can accurately identify, correlate previously unknown BGP/OASC problems, and provide network operators with a valuable high-level ion about the dynamics of BGP.}, author = {Teoh, Soon-Tee and Ma, Kwan-Liu and Wu, Felix S. and Massey, Dan and Zhao, Xiao-Liang and Pei, Dan and Wang, Lan and Zhang, Lixia and Bush, Randy}, citeulike-article-id = {2072143}, citeulike-linkout-0 = {http://www.springerlink.com/content/dgn0y7v4evvu25w5}, journal = {Self-Managing Distributed Systems}, keywords = {bgp, security}, pages = {155--168}, posted-at = {2009-06-15 22:58:58}, priority = {2}, title = {Visual-Based Anomaly Detection for BGP Origin AS Change (OASC) Events}, url = {http://www.springerlink.com/content/dgn0y7v4evvu25w5}, year = {2003} }

TY - CHAP ID - citeulike:2072143 L3 - citeulike-article-id:2072143 N2 - To complement machine intelligence in anomaly event analysis and correlation, in this paper, we investigate the possibility of a human-interactive visual-based anomaly detection system for faults and security attacks related to the BGP (Border Gateway Protocol) routing protocol. In particular, we have built and tested a program, based on fairly simple information visualization techniques, to navigate interactively real-life BGP OASC (Origin AS Change) events. Our initial experience demonstrates that the integration of mechanical analysis and human intelligence can effectively improve the performance of anomaly detection and alert correlation. Furthermore, while a traditional representation of OASC events provides either little or no valuable information, our program can accurately identify, correlate previously unknown BGP/OASC problems, and provide network operators with a valuable high-level ion about the dynamics of BGP. JF - Self-Managing Distributed Systems EP - 168 TI - Visual-Based Anomaly Detection for BGP Origin AS Change (OASC) Events SP - 155 KW - bgp KW - security AU - Teoh, Soon-Tee AU - Ma, Kwan-Liu AU - Wu, Felix AU - Massey, Dan AU - Zhao, Xiao-Liang AU - Pei, Dan AU - Wang, Lan AU - Zhang, Lixia AU - Bush, Randy PY - 2003/// UR - http://www.springerlink.com/content/dgn0y7v4evvu25w5 ER -