Rule-Based Anomaly Detection of Inter-domain Routing System

  • Peidong Zhu
  • Xin Liu
  • Mingjun Yang
  • Ming Xu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3756)


Inter-domain routing (IDR) system is a critical part of the Internet infrastructure. However, anomalies exist in BGP routing behaviors because of BGP misconfigurations, router malfunctions or deliberate attacking. To help secure the IDR system, this paper presents a rule-based framework and a rich set of detection rules to identify the abnormal routing behaviors. The detection rules are categorized into General Anomaly-detection Rules (GADRs) and Special Anomaly-detection Rules (SADRs), and they work together with the Basic Models and the Generated Models of the Internet respectively. Under the proposed framework, a prototype system, ISP-Health, is implemented, which can find out various abnormal routes and complex hidden routing attacks.


Border Gateway Protocol Detection Rule Monitor Network Commercial Relationship Detect Engine 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Halabi, B.: Internet Routing Architectures, 2nd edn. Cisco Press (2001)Google Scholar
  2. 2.
    Kent, S., Lynn, C., Seo, K.: Secure Border Gateway Protocol (Secure-BGP). IEEE Journal on Selected Areas in Communications 18(4), 582–592 (2000)CrossRefGoogle Scholar
  3. 3.
    Murphy, S.: Border Gateway Protocol Security Analysis. IETF Internet Draft, draft-murphy-bgp-vuln-00.txt (November 2001)Google Scholar
  4. 4.
    Cowie, J., Ogielski, A., Premore, B., Yuan, Y.: Global Routing Instabilities during Code Red II and Nimda Worm Propagation,
  5. 5.
    Misel, S.A.: Wow, AS7007! NANOG mail archives. nanog/1997-04/msg00340.html,
  6. 6.
    Mahajan, R., et al.: Understanding BGP Misconfiguration. In: ACM SIGCOMM (2002)Google Scholar
  7. 7.
    Zhao, X., Pei, D., Wang, L., Massey, D., Mankin, A., Wu, S.F., Zhang, L.: An Analysis of BGP Multiple Origin AS (MOAS) Conflicts. In: ACM SIGCOMM Internet Measurement Workshop (2001)Google Scholar
  8. 8.
    Huston, G.: BGP Table Statistics,
  9. 9.
    Chang, D.-F., Govindan, R., Heidemann, J.: Locating BGP Missing Routes Using Multiple Perspectives. In: ACM SIGCOMM (2004)Google Scholar
  10. 10.
    Broido, A., Nemeth, E., Claffy, K.: Internet Expansion,Rrefinement and Churn. ETT (January 2002)Google Scholar
  11. 11.
    Gao, L.: On Inferring Autonomous System Relationships in the Internet. In: IEEE Global Internet Symposium (2000)Google Scholar
  12. 12.
    Subramanian, L., Agarwal, S., Katz, R.H.: Characterizing the Internet Hierarchy from Multiple Vantage Points. In: IEEE INFOCOM (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Peidong Zhu
    • 1
  • Xin Liu
    • 2
  • Mingjun Yang
    • 1
  • Ming Xu
    • 2
  1. 1.School of ComputerNational University of Defense TechnologyChangshaChina
  2. 2.National Laboratory for Modern CommunicationsChengduChina

Personalised recommendations