Towards Enhancing the Visual Analysis of Interdomain Routing

Alex Ulmer, Jörn Kohlhammer, Haya Shulman

Abstract

Interdomain routing with Border Gateway Protocol (BGP) plays a critical role in the Internet, determining paths that packets must traverse from a source to a destination. Due to its importance BGP also has a long history of prefix hijack attacks, whereby attackers cause the traffic to take incorrect routes, enabling traffic hijack, monitoring and modification by the attackers. Proposals for securing the protocol are adopted slowly or erroneous. Our goal is to create a novel visual analytics approach that facilitates easy and timely detection of misconfigurations and vulnerabilities both in BGP and in the secure proposals for BGP. This work initiates the analysis of the problem, the target users and state of the art approaches. We provide a comprehensive overview of the BGP threats and describe incidents that happened over the past years. The paper introduces two new user groups beside the network administrators, which should also be addressed in future approaches. It also contributes a survey about visual analysis of interdomain routing with BGP and secure proposals for BGP. The visualization approaches are rated and we derive seven key challenges that arise when following our roadmap for an enhanced visual analysis of interdomain routing.

References

  1. Andree Toonk (2015). BGP Hijack Incident by Syrian Telecommunications Establishment. BGPMon blog.
  2. Ballani, H., Francis, P., and Zhang, X. (2007). A study of prefix hijacking and interception in the internet. In ACM SIGCOMM Computer Communication Review, volume 37, pages 265-276. ACM.
  3. Bellovin, S., Bush, R., and Ward, D. (2014). Security Requirements for BGP Path Validation. RFC 7353 (Informational).
  4. BGP-Hijack (2008). Renesys blog pakistan hijacks youtube 2008. http://research.dyn.com/2008/02/pakistanhijacks-youtube-1/.
  5. BGP-Hijack (2014). Hijack event today by indosat. http://www.bgpmon.net/hijack-event-today-byindosat.
  6. BGP-Hijack (2015). Global collateral damage of tmnet leak. http://research.dyn.com/2015/06/globalcollateral-damage-of-tmnet-leak/.
  7. BGPMon (2014). Turkey Hijacking IP addresses for popular Global DNS providers.
  8. Ceneda, D., Di Bartolomeo, M., Di Donato, V., Patrignani, M., Pizzonia, M., and Rimondini, M. (2016). Routingwatch: Visual exploration and analysis of routing events. In NOMS. IEEE.
  9. Chi, Y.-J., Oliveira, R., and Zhang, L. (2008). Cyclops: the as-level connectivity observatory. ACM SIGCOMM Computer Communication Review, 38(5):5-16.
  10. Di Battista, L. C. G., Mariani, F., and Pizzonia, M. P. M. (2005). Visualizing interdomain routing with bgplay.
  11. Di Donato, V., Patrignani, M., and Squarcella, C. (2016). Netfork: Mapping time to space in network visualization. In Proceedings of the International Working Conference on Advanced Visual Interfaces, pages 92- 99. ACM.
  12. Endsley, M. R. (2016). Designing for situation awareness: An approach to user-centered design. CRC press.
  13. Fink, G. A., North, C. L., Endert, A., and Rose, S. (2009). Visualizing cyber security: Usable workspaces. In Visualization for Cyber Security, 2009. VizSec 2009. 6th International Workshop on, pages 45-56. IEEE.
  14. Fischer, F., Fuchs, J., Vervier, P.-A., Mansmann, F., and Thonnard, O. (2012). Vistracer: a visual analytics tool to investigate routing anomalies in traceroutes. In Proceedings of the ninth international symposium on visualization for cyber security, pages 80-87. ACM.
  15. Fisher, D. (2010). Animation for visualization: opportunities and drawbacks. Ch, 19:329-352.
  16. Ganichev, I., Dai, B., Godfrey, P., and Shenker, S. (2010). Yamr: Yet another multipath routing protocol. ACM SIGCOMM Computer Communication Review, 40(5):13-19.
  17. Goldberg, S. (2014). Why is it taking so long to secure internet routing? Communications of the ACM, 57(10):56- 63.
  18. Golledge, R. G. (1999). Wayfinding behavior: Cognitive mapping and other spatial processes. JHU press.
  19. Hartson, R. and Pyla, P. S. (2012). The UX Book: Process and guidelines for ensuring a quality user experience. Elsevier.
  20. Iamartino, D. (2015). Study and Measurements of the RPKI Deployment.
  21. Iamartino, D., Pelsser, C., and Bush, R. (2015). Measuring bgp route origin registration and validation. In International Conference on Passive and Active Network Measurement, pages 28-40. Springer.
  22. Keim, D. A., Kohlhammer, J., Ellis, G., and Mansmann, F. (2010). Mastering The Information Age-Solving Problems with Visual Analytics. Florian Mansmann.
  23. Kent, S., Lynn, C., and Seo, K. (2000). Secure border gateway protocol (s-bgp). IEEE Journal on Selected areas in Communications, 18(4):582-592.
  24. Lad, M., Zhang, L., and Massey, D. (2004). Link-rank: A graphical tool for capturing bgp routing dynamics. In NOMS, volume 1, pages 627-640. IEEE.
  25. Lepinski, M. and Kent, S. (2012). An infrastructure to support secure internet routing. RFC 6480 (Informational).
  26. Lutu, A., Bagnulo, M., and Maennel, O. (2013). The bgp visibility scanner. In Computer Communications Workshops (INFOCOM WKSHPS), 2013 IEEE Conference on, pages 115-120. IEEE.
  27. Lychev, R., Goldberg, S., and Schapira, M. (2013). BGP Security in Partial Deployment: Is the Juice worth the Squeeze? In SIGCOMM, pages 171-182. ACM.
  28. Mohapatra, P., Scudder, J., Ward, D., Bush, R., and Austein, R. (2013). BGP Prefix Origin Validation. RFC 6811 (Proposed Standard).
  29. NIST (2015). NIST RPKI Monitor. https://rpkimonitor.antd.nist.gov/.
  30. Papadopoulos, S., Moustakas, K., and Tzovaras, D. (2013a). Bgpviewer: Using graph representations to explore bgp routing changes. In Digital Signal Processing (DSP), 2013 18th International Conference on, pages 1-6. IEEE.
  31. Papadopoulos, S., Theodoridis, G., and Tzovaras, D. (2013b). Bgpfuse: using visual feature fusion for the detection and attribution of bgp anomalies. In Proceedings of the Tenth Workshop on Visualization for Cyber Security, pages 57-64. ACM.
  32. RIPE-NCC (2016). Rseaux ip europens network coordination centre. https://www.ripe.net/analyse/internetmeasurements/routing-information-service-ris/risraw-data.
  33. RouteViews (2016). Bgp routing database. http://www.routeviews.org/.
  34. Shearer, J., Ma, K.-L., and Kohlenberg, T. (2008). Bgpeep: An ip-space centered view for internet routing data. In Visualization for Computer Security, pages 95-110. Springer.
  35. ThousandEyes (2016). Bgp route monitoring. https://www.thousandeyes.com/.
  36. Yan, H., Oliveira, R., Burnett, K., Matthews, D., Zhang, L., and Massey, D. (2009). Bgpmon: A real-time, scalable, extensible monitoring system. In CATCH'09. Cybersecurity Applications & Technology.
Download


Paper Citation


in Harvard Style

Ulmer A., Kohlhammer J. and Shulman H. (2017). Towards Enhancing the Visual Analysis of Interdomain Routing . In Proceedings of the 12th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 3: IVAPP, (VISIGRAPP 2017) ISBN 978-989-758-228-8, pages 209-216. DOI: 10.5220/0006126702090216


in Bibtex Style

@conference{ivapp17,
author={Alex Ulmer and Jörn Kohlhammer and Haya Shulman},
title={Towards Enhancing the Visual Analysis of Interdomain Routing},
booktitle={Proceedings of the 12th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 3: IVAPP, (VISIGRAPP 2017)},
year={2017},
pages={209-216},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006126702090216},
isbn={978-989-758-228-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 3: IVAPP, (VISIGRAPP 2017)
TI - Towards Enhancing the Visual Analysis of Interdomain Routing
SN - 978-989-758-228-8
AU - Ulmer A.
AU - Kohlhammer J.
AU - Shulman H.
PY - 2017
SP - 209
EP - 216
DO - 10.5220/0006126702090216