BGPGraph: Detecting and Visualizing Internet Routing Anomalies

 

Border gateway protocol (BGP) is the main protocol used on the Internet today for the exchange of routing information between different networks. The lack of authentication mechanisms in BGP renders it vulnerable to prefix hijacking attacks, which raise serious security concerns regarding both service availability and data privacy. To address these issues, this study presents BGPGraph, a scheme for detecting and visualising Internet routing anomalies. In particular, BGPGraph introduces a novel BGP anomaly metric that quantifies the degree of anomaly in the BGP activity and enables the analyst to obtain an overview of the BGP status. The analyst is afterwards able to focus on significant time windows for further analysis by using a hierarchical graph visualisation scheme. Furthermore, BGPGraph uses a novel method for the quantification of information visualisation that allows for the evaluation and optimal selection of parameters for the corresponding visual analytics algorithms. As a result, by utilising the proposed approach, four new BGP anomalies were identified. Experimental demonstration on known BGP events illustrates the significant analytics potential of the proposed approach in terms of identifying prefix hijacks and performing root cause analysis.

Papadopoulos, K. Moustakas, A. Drosou, D. Tzovaras, “BGPGraph: Detecting and Visualizing Internet Routing Anomalies”, IET Information Security. 2016 May 1;10(3):125-33.