Multi-view routing visualization for the identification of BGP issues

Candela, Massimo; Battista, Giuseppe Di; Marzialetti, Luca

doi:10.1016/j.cola.2020.100966

Cited by 5 publications

(8 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, Youn et al presented a study on BGP visualization tools focused on cyber situational awareness [82]. Their survey canvassed 10 tools, seven of which appear in our study: [5,9,64,67,68,73,76], and give more specifics on the visualization techniques employed, core functions, level of detail and use cases. However, they do not consider the specific attacks used to validate the tools or attempt to map the visualization techniques to the attack types.…”

Section: Related Surveys and Motivationmentioning

confidence: 99%

“…Unfortunately, nine of the 29 papers in this survey did not mention an attack type specifically, or the attack types were unknown or unavailable. Some papers had lower levels of detail and sub categories of attacks, such as prefix matching or more specific prefix attacks such as in Candela et al [9]. Additionally, these higher-level attacks can sometimes overlap in terms of observable routing behavior.…”

Section: Bgp Attack and Anomaly Typesmentioning

confidence: 99%

“…The two most common data sources for BGP data are the University of Oregon's Route Views Project 5 and RIPE Network Coordination Centre's Routing Information Service (RIS) 6 comprising 13 and 15 out of 29 papers respectively. Seven of the 29 papers integrate both data sources into their visualizations [9,11,13,14,17,41,43,74]. The third most common data source comes from select datasets produced by CAIDA 7 with only a handful of others using BGPmon 8 , Spam-Tracer [79], and the Maxmind GEOIP2 Database 9 .…”

Section: Datamentioning

confidence: 99%

“…Researchers have developed several BGP visualization tools to aid expert users in identifying, analyzing and understanding BGP attacks and anomalies. For example, well-known and publicly available tools such as BGPlay 1 [14], and more recently Upstream Visibility [9] and ProBGP [77], have been designed for use by network operators, researchers, and law enforcement. However, there has been less BGP visualization tool development than one might expect given how fundamental BGP is to the internet, as well as its historically-unresolved security issues.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

The State of the Art in BGP Visualization Tools: A Mapping of Visualization Techniques to Cyberattack Types

Raynor

Crnovrsanin

Bartolomeo

et al. 2022

IEEE Trans. Visual. Comput. Graphics

View full text Add to dashboard Cite

show abstract

Section: Related Surveys and Motivationmentioning

confidence: 99%

Section: Bgp Attack and Anomaly Typesmentioning

confidence: 99%

Section: Datamentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

The State of the Art in BGP Visualization Tools: A Mapping of Visualization Techniques to Cyberattack Types

Raynor

Crnovrsanin

Bartolomeo

et al. 2022

IEEE Trans. Visual. Comput. Graphics

View full text Add to dashboard Cite

show abstract

“…Syamkumar et al(2020) [14] proposed a model called BigBen, a network telemetry processing system designed to accurately and timely report Internet events (interruptions, attacks, configuration changes, etc.). It was developed to identify a wide range of Internet events, characterized by location, range, and duration, and to compare detected events with events detected by large active probe-based detection systems..Massimo Candela et al(2020) [15] proposed a model called Upstream Visibility for scenario-based monitoring of Internet events (interruptions, attacks, configuration changes, etc.). The global view based on the stack area chart provides a high trend for the visibility of IP prefixes and has been developed to provide a local view to check the impact of IP prefixes visibility time.…”

Section: Related Work 21 Cyber Situation Awareness (Cyber Sa) Overviewsmentioning

confidence: 99%

Research on Cyber IPB Visualization Method based on BGP Archive Data for Cyber Situation Awareness

2021

KSII TIIS

View full text Add to dashboard Cite

Cyber powers around the world are conducting cyber information-gathering activities in cyberspace, a global domain within the Internet-based information environment. Accordingly, it is imperative to obtain the latest information through the cyber intelligence preparation of the battlefield (IPB) process to prepare for future cyber operations. Research utilizing the cyber battlefield visualization method for effective cyber IPB and situation awareness aims to minimize uncertainty in the cyber battlefield and enable command control and determination by commanders. This paper designed architecture by classifying cyberspace into a physical, logical network layer and cyber persona layer to visualize the cyber battlefield using BGP archive data, which is comprised of BGP connection information data of routers around the world. To implement the architecture, BGP archive data was analyzed and pre-processed, and cyberspace was implemented in the form of a Di-Graph. Information products that can be obtained through visualization were classified for each layer of the cyberspace, and a visualization method was proposed for performing cyber IPB. Through this, we analyzed actual North Korea's BGP and OSINT data to implement North Korea's cyber battlefield centered on the Internet network in the form of a prototype. In the future, we will implement a prototype architecture based on Elastic Stack.

show abstract

The State of the Art in BGP Visualization Tools: A Mapping of Visualization Techniques to Cyberattack Types

Raynor¹,

Crnovrsanin²,

Bartolomeo³

et al. 2022

Preprint

View full text Add to dashboard Cite

Internet routing is largely dependent on Border Gateway Protocol (BGP). However, BGP does not have any inherent authentication or integrity mechanisms that help make it secure. Effective security is challenging or infeasible to implement due to high costs, policy employment in these distributed systems, and unique routing behavior. Visualization tools provide an attractive alternative in lieu of traditional security approaches. Several BGP security visualization tools have been developed as a stop-gap in the face of ever-present BGP attacks. Even though the target users, tasks, and domain remain largely consistent across such tools, many diverse visualization designs have been proposed. The purpose of this study is to provide an initial formalization of methods and visualization techniques for BGP cybersecurity analysis. Using PRISMA guidelines, we provide a systematic review and survey of 29 BGP visualization tools with their tasks, implementation techniques, and attacks and anomalies that they were intended for. We focused on BGP visualization tools as the main inclusion criteria to best capture the visualization techniques used in this domain while excluding solely algorithmic solutions and other detection tools that do not involve user interaction or interpretation. We take the unique approach of connecting (1) the actual BGP attacks and anomalies used to validate existing tools with (2) the techniques employed to detect them. In this way, we contribute an analysis of which techniques can be used for each attack type. Furthermore, we can see the evolution of visualization solutions in this domain as new attack types are discovered. This systematic review provides the groundwork for future designers and researchers building visualization tools for providing BGP cybersecurity, including an understanding of the state-of-the-art in this space and an analysis of what techniques are appropriate for each attack type. Our novel security visualization survey methodology---connecting visualization techniques with appropriate attack types---may also assist future researchers conducting systematic reviews of security visualizations. All supplemental materials are available at https://osf.io/tupz6/.

show abstract

Multi-view routing visualization for the identification of BGP issues

Cited by 5 publications

References 8 publications

The State of the Art in BGP Visualization Tools: A Mapping of Visualization Techniques to Cyberattack Types

The State of the Art in BGP Visualization Tools: A Mapping of Visualization Techniques to Cyberattack Types

Research on Cyber IPB Visualization Method based on BGP Archive Data for Cyber Situation Awareness

The State of the Art in BGP Visualization Tools: A Mapping of Visualization Techniques to Cyberattack Types

Contact Info

Product

Resources

About