Abstract: Bahaa Al-Musawi (2018)

(2018) https://hdl.handle.net/1959.3/442511

Detecting BGP Anomalies Using Recurrence Quantification Analysis

Bahaa Al-Musawi

The Border Gateway Protocol (BGP) is the Internet’s default inter-domain routing protocol that manages connectivity among Autonomous Systems (ASes). BGP is an incremental protocol where, after the initial transfer of a full routing table, BGP traffic to peers should only reflect underlying topology or traffic engineering changes. Unfortunately, most BGP traffic consists of announcements, updates and withdrawals unrelated to any underlying network management goals. We define such BGP traffic as unstable BGP traffic as long as it does not disseminate the business relationship between Internet Service Providers (ISPs) or threaten BGP operation. We define ASes that originate unstable BGP traffic as unstable ASes.

BGP was developed at a time when information provided by an AS was assumed to be accurate. Although many attempts have been made to improve its security, BGP is still vulnerable to different types of anomalous events. BGP anomalies are rare but can cause great damage when they occur. The consequences of these anomalies can range from a single to thousands of anomalous BGP updates. These consequences have threatened Internet performance and reliability. Identifying BGP anomalies is a challenging task because BGP traffic has been characterised as noisy, voluminous, and complex. Furthermore, unstable BGP traffic has the effect of masking anomalous traffic.

Recent statistics and trends of BGP anomalies show approximately 20% of BGP anomalies lasted less than 10 minutes but were able to pollute 90% of the Internet in less than 2 minutes. These statistics demonstrate the need for rapid detection of BGP anomalies. Early detection of BGP anomalies enables network operators to protect their network from the worst consequence of the anomalous behaviour and helps to improve Internet stability. Current approaches tend to be slow and require substantial historical data.

To overcome these challenges, this thesis proposes a novel scheme to detect BGP anomalies based on Recurrence Quantification Analysis (RQA). RQA is an advanced non-linear statistical analysis technique using phase space concepts. RQA can identify BGP anomalies rapidly. RQA can also identify abnormal hidden behaviour in the underlying BGP traffic that may otherwise pass without observation. Using past and emulated BGP anomalies, we demonstrate that RQA can detect BGP anomalies within 62 seconds using 1200 seconds of historical BGP updates.

The main contribution of this thesis is to demonstrate that RQA can be used to detect anomalous BGP events rapidly. We apply RQA to well known BGP events and also to controlled experiments which we carried out on our network testbed.

We also demonstrate that background BGP traffic can be well described as the aggregation of unsynchronised periodic traffic with different frequencies. This behaviour is widespread and can last for months or even years.

Finally, we model BGP speakers (a router or a device that runs BGP) as dynamic systems using the concepts of phase space trajectory. Our modelling shows that BGP speakers generate traffic that has the characteristics of being non-linear, deterministic, and stable.
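
To make the RQA idea in the abstract concrete, the following is an added example, not code from the thesis: it embeds a series of BGP update counts in phase space and computes two standard RQA measures, recurrence rate and determinism. The embedding dimension, delay, radius, 10-second bin size, the 0.8 decision rule and both data series are assumptions constructed for illustration.

```python
# Added illustration (not the thesis's code): RQA on a constructed series of
# BGP update counts. dim, delay, radius, bin size and the 0.8 rule are assumptions.

def embed(series, dim=3, delay=1):
    """Time-delay embedding of a scalar series into phase space."""
    n = len(series) - (dim - 1) * delay
    return [tuple(series[i + k * delay] for k in range(dim)) for i in range(n)]

def rqa(series, dim=3, delay=1, radius=1.0, lmin=2):
    """Return (recurrence rate, determinism), main diagonal excluded."""
    pts = embed(series, dim, delay)
    n = len(pts)

    def close(i, j):  # two states recur if within radius under the max norm
        return all(abs(a - b) <= radius for a, b in zip(pts[i], pts[j]))

    recurrent = in_lines = 0
    for k in range(1, n):               # walk each upper diagonal (lag k)
        run = 0
        for i in range(n - k):
            if close(i, i + k):
                recurrent += 1
                run += 1
            else:
                if run >= lmin:
                    in_lines += run
                run = 0
        if run >= lmin:                 # flush a line that reaches the edge
            in_lines += run
    rr = 2 * recurrent / (n * (n - 1))  # symmetric matrix: count both halves
    det = in_lines / recurrent if recurrent else 0.0
    return rr, det

def is_anomalous(window, baseline, drop=0.8):
    """Hypothetical rule: flag when recurrence rate falls below drop * baseline."""
    return rqa(window)[0] < drop * rqa(baseline)[0]

# Constructed data: 1200 s of updates in 10 s bins (120 samples). Background is
# a sum of periodic sources with different periods, as the abstract describes.
baseline = [10 + 5 * (t % 6 == 0) + 3 * (t % 10 == 0) for t in range(120)]
# Same window with a constructed surge of updates in the final 200 s.
surge = baseline[:100] + [100 + 10 * (t - 100) for t in range(100, 120)]

if __name__ == "__main__":
    for name, w in (("baseline", baseline), ("surge", surge)):
        rr, det = rqa(w)
        print(f"{name}: RR={rr:.3f} DET={det:.3f} anomalous={is_anomalous(w, baseline)}")
```

The surge states never revisit any earlier region of phase space, so the recurrence rate of the window drops even though most of the window is unchanged background traffic.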



Creative Commons License © 2024 SOME RIGHTS RESERVED
The content of this web site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.0 Germany License.

Please note: The abstracts of the bibliography database may be subject to other copyrights.
