THROUGH THE LOOKING GLASS: CLASSIFYING ANOMALOUS BGP COMMUNITIES
Loading...
Authors
Welch, Josh
Subjects
network
networking
BGP
routing
reroute
protocol
community
communities
internet
traffic
malicious
anomaly
detector
detection
machine learning
networking
BGP
routing
reroute
protocol
community
communities
internet
traffic
malicious
anomaly
detector
detection
machine learning
Advisors
Beverly, Robert
Krenc, Thomas J.
Date of Issue
2020-09
Date
Sep-20
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
The Border Gateway Protocol (BGP) community field is poorly defined and has no means of authentication. This BGP attribute has the power to reroute and black hole traffic across the internet. The BGP communities' path attribute is normally prevalent and persistent. I hypothesize the persistence and prevalence of the path attribute can be used to develop a BGP community anomaly detector. This anomaly detector will allow for the discovery of and filtering out both malicious or misconfigured BGP community announcements. Future work could build upon the detection of anomaly and define the anomaly. In addition, an anomaly detector can be used to limit the spread and power of anomalous BGP communities.
Type
Thesis
Description
Series/Report No
Department
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release. distribution is unlimited
Rights
Copyright is reserved by the copyright owner.