Inter-domain Routing Monitoring And Situation Visualization Based On International View

Internet is a collection of autonomous systems. As the key infrastructure of Internet, BGP is very vulnerable to various security threats for the lack of comprehensive security mechanisms. To better characterize BGP routing security situation, especially for our country, the academic community has done a lot of researches on the monitoring of inter-domain routing system. However, these researches can not reflect the security situation of Internet as a whole for they relied on only domestic routing views.In order to solve the problems aforementioned that the routing view is not comprehensive enough, an inter-domain routing monitoring method based on international routing views was proposed. This method improved the integrity of monitoring by incorporating routing views of both domestic and international ASes. In this paper, we systematically investigate the key issues involved in extending monitoring from only domestic view to international views, and then design and implement a monitoring system. Our contributions are summarized as follows.Firstly, we improve the integrity of current BGP monitoring that relies on only domestic views by simultaneously analyzing the routes from both domestic and international routing views. The definitions of several anomalies based on domestic views was revised, and further investigate the BGP anomaly detection on single routing table based on predefined rules, as well as the multiple-view based detection, which can find more anomalies and better understand the distribution of these anomalies by jointly detecting multiple routing tables. The performance of this detection was improved by a proposed indexing algorithm.Secondly, we systematically study and implement the international view based detection algorithms on routing anomalies, and revise the anomaly that data traffic destined for domestic ASes are rerouted through abroad ASes. Apart from that, we also complement our system by automatically updating the local knowledge base with the information collected from multiple data sources.Finally, we design and implement a series of visualization algorithm to better characterize the BGP situations, including the propagation of single bogus route, state-level interconnections between domestic ASes and abroad ASes, and the logic AS level connections based on international views.Based on the key technologies aforementioned, this paper designed and implemented an inter-domain routing monitoring system based on international view, which synthesized the routing information from both domestic and international views to cooperatively detect routing anomalies, achieving a better accuracy. Our system relies on the information achieved to visualize the security situations of inter-domain routing in real time. Also, our system provides a user-friendly interface that the statistics can be displayed in various forms, such as pie diagram, curve or bar chart.