Towards real-time route leak events detection

Shen Su; Beichuan Zhang; Lin Ye; Hongli Zhang; Nathan Yee

doi:10.1109/ICC.2015.7249474

Towards real-time route leak events detection

Shen Su, Beichuan Zhang, Lin Ye, Hongli Zhang, Nathan Yee

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Scopus citations

Abstract

Malicious attack and misconfiguration can cause unreachable websites, network outages, and other damages. Such incidents are usually observed together with anomalous AS paths which violate a 'valley-free' policy. Existing techniques to infer routing policy cannot satisfy industrial demand of real-time route leak detection because they are very likely to trigger false positives. In this paper, we propose an online detection scheme dedicated to detect route leak AS paths. Based on long-lived routing paths, and route anomalous concurrency, we manage to filter possible false positives in online scenarios. Applying this scheme to Oregon's routing data from 2009 to 2013, we detect 136 route leak events. Our evaluation shows that our scheme triggers no false positives, and most of these events are previously unknown to the research and operation communities at large.

Original language	English (US)
Title of host publication	2015 IEEE International Conference on Communications, ICC 2015
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	7192-7197
Number of pages	6
ISBN (Electronic)	9781467364324
DOIs	https://doi.org/10.1109/ICC.2015.7249474
State	Published - Sep 9 2015
Event	IEEE International Conference on Communications, ICC 2015 - London, United Kingdom Duration: Jun 8 2015 → Jun 12 2015

Publication series

Name	IEEE International Conference on Communications
Volume	2015-September
ISSN (Print)	1550-3607

Other

Other	IEEE International Conference on Communications, ICC 2015
Country/Territory	United Kingdom
City	London
Period	6/8/15 → 6/12/15

ASJC Scopus subject areas

Computer Networks and Communications
Electrical and Electronic Engineering

Access to Document

10.1109/ICC.2015.7249474

Cite this

Su, S., Zhang, B., Ye, L., Zhang, H., & Yee, N. (2015). Towards real-time route leak events detection. In 2015 IEEE International Conference on Communications, ICC 2015 (pp. 7192-7197). Article 7249474 (IEEE International Conference on Communications; Vol. 2015-September). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICC.2015.7249474

Towards real-time route leak events detection. / Su, Shen; Zhang, Beichuan; Ye, Lin et al.
2015 IEEE International Conference on Communications, ICC 2015. Institute of Electrical and Electronics Engineers Inc., 2015. p. 7192-7197 7249474 (IEEE International Conference on Communications; Vol. 2015-September).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Su, S, Zhang, B, Ye, L, Zhang, H & Yee, N 2015, Towards real-time route leak events detection. in 2015 IEEE International Conference on Communications, ICC 2015., 7249474, IEEE International Conference on Communications, vol. 2015-September, Institute of Electrical and Electronics Engineers Inc., pp. 7192-7197, IEEE International Conference on Communications, ICC 2015, London, United Kingdom, 6/8/15. https://doi.org/10.1109/ICC.2015.7249474

@inproceedings{f8f6e82ac4994918aa834ad4eaa713c5,

title = "Towards real-time route leak events detection",

abstract = "Malicious attack and misconfiguration can cause unreachable websites, network outages, and other damages. Such incidents are usually observed together with anomalous AS paths which violate a 'valley-free' policy. Existing techniques to infer routing policy cannot satisfy industrial demand of real-time route leak detection because they are very likely to trigger false positives. In this paper, we propose an online detection scheme dedicated to detect route leak AS paths. Based on long-lived routing paths, and route anomalous concurrency, we manage to filter possible false positives in online scenarios. Applying this scheme to Oregon's routing data from 2009 to 2013, we detect 136 route leak events. Our evaluation shows that our scheme triggers no false positives, and most of these events are previously unknown to the research and operation communities at large.",

author = "Shen Su and Beichuan Zhang and Lin Ye and Hongli Zhang and Nathan Yee",

note = "Publisher Copyright: {\textcopyright} 2015 IEEE.; IEEE International Conference on Communications, ICC 2015 ; Conference date: 08-06-2015 Through 12-06-2015",

year = "2015",

month = sep,

day = "9",

doi = "10.1109/ICC.2015.7249474",

language = "English (US)",

series = "IEEE International Conference on Communications",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "7192--7197",

booktitle = "2015 IEEE International Conference on Communications, ICC 2015",

}

TY - GEN

T1 - Towards real-time route leak events detection

AU - Su, Shen

AU - Zhang, Beichuan

AU - Ye, Lin

AU - Zhang, Hongli

AU - Yee, Nathan

PY - 2015/9/9

Y1 - 2015/9/9

N2 - Malicious attack and misconfiguration can cause unreachable websites, network outages, and other damages. Such incidents are usually observed together with anomalous AS paths which violate a 'valley-free' policy. Existing techniques to infer routing policy cannot satisfy industrial demand of real-time route leak detection because they are very likely to trigger false positives. In this paper, we propose an online detection scheme dedicated to detect route leak AS paths. Based on long-lived routing paths, and route anomalous concurrency, we manage to filter possible false positives in online scenarios. Applying this scheme to Oregon's routing data from 2009 to 2013, we detect 136 route leak events. Our evaluation shows that our scheme triggers no false positives, and most of these events are previously unknown to the research and operation communities at large.

AB - Malicious attack and misconfiguration can cause unreachable websites, network outages, and other damages. Such incidents are usually observed together with anomalous AS paths which violate a 'valley-free' policy. Existing techniques to infer routing policy cannot satisfy industrial demand of real-time route leak detection because they are very likely to trigger false positives. In this paper, we propose an online detection scheme dedicated to detect route leak AS paths. Based on long-lived routing paths, and route anomalous concurrency, we manage to filter possible false positives in online scenarios. Applying this scheme to Oregon's routing data from 2009 to 2013, we detect 136 route leak events. Our evaluation shows that our scheme triggers no false positives, and most of these events are previously unknown to the research and operation communities at large.

UR - http://www.scopus.com/inward/record.url?scp=84953738966&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84953738966&partnerID=8YFLogxK

U2 - 10.1109/ICC.2015.7249474

DO - 10.1109/ICC.2015.7249474

M3 - Conference contribution

AN - SCOPUS:84953738966

T3 - IEEE International Conference on Communications

SP - 7192

EP - 7197

BT - 2015 IEEE International Conference on Communications, ICC 2015

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - IEEE International Conference on Communications, ICC 2015

Y2 - 8 June 2015 through 12 June 2015

ER -

Towards real-time route leak events detection

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this