• Title/Summary/Keyword: Border gateway protocol(BGP)

Principal Component Analysis of BGP Update Streams

  • Xu, Kuai;Chandrashekar, Jaideep;Zhang, Zhi-Li
    • Journal of Communications and Networks / v.12 no.2 / pp.191-197 / 2010
  • In this paper, we propose a novel methodology to identify border gateway protocol (BGP) updates associated with major events - affecting network reachability to multiple ASes - and separate them (statistically) from those attributable to minor events, which individually generate few updates, but collectively form the persistent background noise observed at BGP vantage points. Our methodology is based on principal component analysis, which enables us to transform and reduce the BGP updates into different AS clusters that are likely affected by distinct major events. We demonstrate the accuracy and effectiveness of our methodology through simulations and real BGP data.

Implementation of a Test Simulator for BGP Routing Protocol

  • 이상문;장성만;김주병;이극
    • Proceedings of the Korea Multimedia Society Conference / 2003.05b / pp.100-103 / 2003
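  • This paper describes the development of a BGP4 routing protocol based on RFC 1771, followed by the development of a simulator for its trial operation and testing. The trial-operation and testing simulator, based on RFC 1771, A Border Gateway Protocol 4 (BGP-4), verifies and tests message transmission, path attribute transmission, route selection, the finite state machine, and error handling. This paper presents a brief method for configuring the network, the corresponding test simulator, and the way to configure the environment of the router under test.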

Detection of Signs of Hostile Cyber Activity against External Networks based on Autoencoder

  • Park, Hansol;Kim, Kookjin;Jeong, Jaeyeong;Jang, Jisu;Youn, Jaepil;Shin, Dongkyoo
    • Journal of Internet Computing and Services / v.23 no.6 / pp.39-48 / 2022
  • Cyberattacks around the world continue to increase, and their damage extends beyond government facilities and affects civilians. These issues emphasized the importance of developing a system that can identify and detect cyber anomalies early. As above, in order to effectively identify cyber anomalies, several studies have been conducted to learn BGP (Border Gateway Protocol) data through a machine learning model and identify them as anomalies. However, BGP data is unbalanced data in which abnormal data is less than normal data. This causes the model to have a learning biased result, reducing the reliability of the result. In addition, there is a limit in that security personnel cannot recognize the cyber situation as a typical result of machine learning in an actual cyber situation. Therefore, in this paper, we investigate BGP (Border Gateway Protocol) that keeps network records around the world and solve the problem of unbalanced data by using SMOTE. After that, assuming a cyber range situation, an autoencoder classifies cyber anomalies and visualizes the classified data. By learning the pattern of normal data, the performance of classifying abnormal data with 92.4% accuracy was derived, and the auxiliary index also showed 90% performance, ensuring reliability of the results. In addition, it is expected to be able to effectively defend against cyber attacks because it is possible to effectively recognize the situation by visualizing the congested cyber space.

Shedding Light on the Use of AS Relationships for Path Inference

  • Deng, Wenping;Muhlbauer, Wolfgang;Yang, Yuexiang;Zhu, Peidong;Lu, Xicheng;Plattner, Bernhard
    • Journal of Communications and Networks / v.14 no.3 / pp.336-345 / 2012
  • Autonomous system (AS) business relationships and their inference have been widely studied by network researchers in the past. An important application of inferred AS relationships can be the prediction of AS paths between a source and destination AS within a model. However, besides knowing the topology and inferred AS relationships, AS path prediction within a model needs to be understood in order for us to know how we can derive border gateway protocol (BGP) policies from AS relationships. In this paper, we shed light onto the predictive capabilities of AS relationships by investigating whether they can be translated into BGP policies such that inferred AS paths are consistent with real AS paths, e.g., paths observed from BGP routing tables. Our findings indicate that enforcing constraints such as the well-known valley-free property and the widely assumed preference of customer routes always results in a very low consistency for AS path inference. In addition, this is true irrespective of whether customer, peer, or provider routes are preferred. Apparently, applying such constraints eliminates many "correct" paths that are observed in BGP routing tables and that are propagated in a simple shortest path model where AS relationships are ignored. According to our findings, deriving BGP routing policies for predicting with high accuracy AS paths in a model directly from AS relationships is still difficult.

Current Status and Challenges of BGP Hijacking Security Threat

  • Han, Wooyoung;Hong, Yunseok
    • Journal of the Korea Institute of Information and Communication Engineering / v.26 no.10 / pp.1525-1530 / 2022
  • BGP (Border Gateway Protocol) is a routing protocol that is actively used in inter-AS routing on the Internet. However, the BGP routing protocol is vulnerable to BGP hijacking attacks that hijack the network by impersonating normal BGP sessions. BGP hijacking attacks can lead to interception of IP traffic or interference with normal service operation. Recently, BGP hijacking attacks, which have often occurred overseas, have also occurred in Korea. This threatens the security of the Internet. In this paper, we analyze the overall process of attack through representative attack cases and virtual scenarios of BGP hijacking and, based on the results of analyzing the application status of security technology to prevent BGP hijacking attacks by Korean and major global ISPs, cover the technical proposals that ISPs and autonomous system operators should adopt to defend against BGP hijacking attacks.

BGP Session Takeover Method Based on Docker

  • Kim, Sang-il;Kim, Hwa-sung
    • The Journal of Korean Institute of Communications and Information Sciences / v.41 no.2 / pp.238-240 / 2016
  • Recently, the improvement of data communication networks in terms of availability and reliability is emerging as a critical issue. In this context, the high availability and reliability of routers that control data flow and routing paths between networks on the data communication network are being recognized as critical problems. Many methods for providing high availability to minimize the loss cost caused by the failure of a router are being studied. This paper proposed a BGP session takeover method using Docker to support the high availability of the BGP session and to improve the takeover performance.

Damping BGP Route Flaps

  • Duan, Zhenhai;Chandrashekar, Jaideep;Krasky, Jeffrey;Xu, Kuai;Zhang, Zhi-Li
    • Journal of Communications and Networks / v.9 no.4 / pp.490-498 / 2007
  • BGP route flap damping (RFD) was anecdotally considered to be a key contributor to the stability of the global Internet inter-domain routing system. However, it was recently shown that RFD can incorrectly suppress for substantially long periods of time relatively stable routes, i.e., routes that only fail occasionally. This phenomenon can be attributed to the complex interaction between BGP path exploration and how the RFD algorithm identifies route flaps. In this paper we identify a distinct characteristic of BGP path exploration following a single network event such as a link or router failure. Based on this characteristic, we distinguish BGP route updates during BGP path exploration from route flaps and propose a novel BGP route flap damping algorithm, RFD+. RFD+ has a number of attractive properties in improving Internet routing stability. In particular, it can correctly suppress persistent route flaps without affecting routes that only fail occasionally. In addition to presenting the new algorithm and analyzing its properties, we also perform simulation studies to illustrate the performance of the algorithm.

Optical BGP Routing Convergence in Lightpath Failure of Optical Internet

  • Jeong, Sang-Jin;Youn, Chan-Hyun;Kang, Min-Ho;Min, Kyoung-Seon;Hong, Hyun-Ha;Kim, Hae-Geun
    • ETRI Journal / v.24 no.2 / pp.97-108 / 2002
  • Optical Border Gateway Protocol (OBGP) is an extension to BGP for Optical Cross Connects (OXCs) to automatically set up multiple direct optical lightpaths between many different autonomous domains. With OBGP, the routing component of a network may be distributed to the edge of the network while the packet classification and forwarding is done in the core. However, it is necessary to analyze the stable convergence functions of OBGP in case of lightpath failures. In this paper, we first describe the architecture of the OBGP model and analyze the potential problems of OBGP, e.g., virtual BGP router convergence behavior in the presence of lightpath failure. We then propose an OBGP convergence model derived from an inter-AS (Autonomous System) relationship. The evaluation results show that the proposed model can be used for a stable OBGP routing policy and OBGP routing convergence under lightpath failures of the optical Internet.

A BGP based Distributed Mapping System for Id/Loc split

  • Angel, Mukankunga Bisamaza;Hong, Choong Seon
    • Annual Conference of KIPS / 2010.11a / pp.1050-1052 / 2010
  • Locator and Identifier Split is considered the solution to the scalability problem the Internet is facing today. The separation approach of Locator and Identifier requires a third party called a mapping system. The mapping system enables inter-domain routing between two different edge networks. The design of this third party has generated many proposals; among them, one approach uses Border Gateway Protocol (BGP) for effective distribution of mapping information updates. In this paper, we take advantage of this approach by considering the scalability in terms of mapping information storage. Our goal is to provide scalability in terms of mapping information storage as well as effective distribution of mapping information updates.

Interactive Visual Analytic Approach for Anomaly Detection in BGP Network Data

  • Choi, So-mi;Kim, Son-yong;Lee, Jae-yeon;Kauh, Jang-hyuk;Kwon, Koo-hyung;Choo, Jae-gul
    • Journal of Internet Computing and Services / v.23 no.5 / pp.135-143 / 2022
  • As the world has implemented social distancing and telecommuting due to the spread of COVID-19, real-time streaming sessions based on routing protocols have increased dependence on the Internet due to the activation of video and voice-related content services and cloud computing. BGP is the most widely used routing protocol, and although many studies continue to improve security, there is a lack of visual analysis to determine the real-time nature of analysis and the mis-detection of algorithms. In this paper, we analyze BGP data, which are powdered as normal and abnormal, on a real-world basis, using an anomaly detection algorithm that combines statistical and post-processing statistical techniques with Rule-based techniques. In addition, we present an interactive spatio-temporal analysis plan as an intuitive visualization plan and analysis result of the algorithm with a map and Sankey Chart-based visualization technique.