CommunityWatch: The Swiss-Army Knife of BGP Anomaly Detection
Vasileios Giotsas

TL;DR
CommunityWatch is an open-source system that detects BGP routing anomalies by analyzing Community attribute metadata, effectively identifying outages, leaks, and blackholing.
Contribution
It introduces a novel approach leveraging BGP Communities metadata for versatile and accurate anomaly detection in BGP routing.
Findings
Successfully detected infrastructure outages, route leaks, and blackholing.
Demonstrated the system's effectiveness in real-world scenarios.
Provides a flexible framework adaptable to various BGP anomalies.
Abstract
We present CommunityWatch, an open-source system that enables timely and accurate detection of BGP routing anomalies. CommunityWatch leverages metadata encoded by AS operators on their advertised routes through the BGP Communities attribute. BGP Community values lack standardized semantics, which gives operators the flexibility to attach a wide range of information, including AS relationships, location data, and route redistribution policies. Therefore, parsing and correlating Community values and their dynamics enables the detection and tracking of a variety of routing anomalies. We exhibit the efficacy of CommunityWatch through the detection of three different types of anomalies: infrastructure outages, route leaks, and traffic blackholing.
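The following is an added toy illustration of the idea in the abstract, not code from CommunityWatch or the paper: it reads operator metadata from Community values on a constructed stream of BGP updates and flags two of the three anomaly classes, blackholing and a location-correlated outage. It assumes the RFC 7999 well-known BLACKHOLE community (65535:666, a real value) and a constructed convention in which AS 64500 tags each route with the PoP where it was learned.

```python
from collections import defaultdict
from dataclasses import dataclass

BLACKHOLE = "65535:666"  # RFC 7999 well-known BLACKHOLE community (real value)
# Constructed convention (assumption): AS 64500 tags routes with their ingress PoP.
LOCATION_TAGS = {"64500:1001": "AS64500 PoP Frankfurt", "64500:1002": "AS64500 PoP Amsterdam"}

@dataclass
class Update:
    t: int                 # seconds since the start of the constructed trace
    kind: str              # "A" announcement or "W" withdrawal
    prefix: str
    communities: tuple = ()

def detect(updates, outage_window=60, min_prefixes=2):
    """Walk community-annotated updates in time order; return (t, event, detail) tuples."""
    events = []
    blackholed = set()          # prefixes currently carrying BLACKHOLE
    active = defaultdict(set)   # location tag -> prefixes currently tagged with it
    gone = defaultdict(list)    # location tag -> timestamps of recent withdrawals
    for u in sorted(updates, key=lambda x: x.t):
        if u.kind == "A":
            if BLACKHOLE in u.communities and u.prefix not in blackholed:
                blackholed.add(u.prefix)
                events.append((u.t, "blackhole_start", u.prefix))
            for tag in [c for c in u.communities if c in LOCATION_TAGS]:
                active[tag].add(u.prefix)
        else:
            if u.prefix in blackholed:
                blackholed.discard(u.prefix)
                events.append((u.t, "blackhole_end", u.prefix))
            for tag, prefixes in active.items():
                if u.prefix in prefixes:
                    prefixes.discard(u.prefix)
                    gone[tag].append(u.t)
                    # Outage heuristic: every route learned at this PoP vanished in one burst.
                    recent = [x for x in gone[tag] if u.t - x <= outage_window]
                    if not prefixes and len(recent) >= min_prefixes:
                        events.append((u.t, "outage", LOCATION_TAGS[tag]))
                        gone[tag].clear()
    return events

# Constructed trace: two Frankfurt routes withdrawn 5 s apart, the Amsterdam route stays,
# and a /32 is blackholed at t=30 and restored at t=400.
TRACE = [
    Update(0, "A", "203.0.113.0/24", ("64500:1001",)),
    Update(0, "A", "198.51.100.0/24", ("64500:1001",)),
    Update(0, "A", "192.0.2.0/24", ("64500:1002",)),
    Update(30, "A", "203.0.113.7/32", (BLACKHOLE,)),
    Update(100, "W", "203.0.113.0/24"),
    Update(105, "W", "198.51.100.0/24"),
    Update(400, "W", "203.0.113.7/32"),
]

if __name__ == "__main__":
    for ev in detect(TRACE):
        print(ev)
```

Running it reports a blackhole start at t=30, a Frankfurt outage at t=105 (both Frankfurt-tagged routes withdrawn within the window) and the blackhole end at t=400; the Amsterdam route never triggers anything.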
Taxonomy
Topics: Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting · Anomaly Detection Techniques and Applications
