Bigfoot: A Geo-Based Visualization Methodology For Detecting Bgp Threats
2016 IEEE SYMPOSIUM ON VISUALIZATION FOR CYBER SECURITY (VIZSEC)(2016)
Abstract
Studies of inter-domain routing in the Internet have highlighted the complex and dynamic nature of connectivity changes that take place daily on a global scale. The ability to assess and identify normal, malicious, irregular and unexpected behaviors in routing update streams is important in daily network and security operations. In this paper we describe Bigfoot, a Border Gateway Protocol (BGP) update visualization system that has been designed to highlight and assess a wide variety of behaviors in update streams. At the core of Bigfoot is the notion of visualizing the announcements of network prefixes via IP geolocation. We investigate different representations of polygons for network footprints and show how straightforward application of IP geolocation can lead to representations that are difficult to interpret. Bigfoot includes techniques to filter, organize, analyze and visualize BGP updates that enable characteristics and behaviors of interest to be identified effectively. To demonstrate Bigfoot's capabilities, we consider 1.79B BGP updates collected over a period of one year and identify 139 candidate events in this data. We investigate a subset of these events in detail, along with ground truth from existing literature to show how network footprint visualizations can be used in operational deployments.
Keywords
BGP Security,Routing anomalies,Visualization,Human-centered computing -> Geographic visualization,Information systems -> Location based services,Geographic information systems,Computing methodologies -> Anomaly detection