A Packet-Based Anomaly Detection Model for Inter-domain Routing

2009 
The current implementation of the BGP protocol has a variety of vulnerabilities and weaknesses. Monitoring BGP's behavior is an effective way to improve the security of inter-domain routing. Because routing tables are difficult to obtain from Autonomous Systems, a packet-based model for detecting routing anomalies is presented. The model comprises data collectors, an anomaly detection engine, a routing information database and a result visualization module. A rule-based approach is designed, and the combined use of rules and the routing information database is proved to be effective in improving the accuracy of detection. Experimental results show that the model performs well in detecting various anomalies. The feasibility and validity of the detection approach are demonstrated by a detailed description of the deployment and a performance analysis.