Rapid Detection of BGP Anomalies
Bahaa Al-Musawi, Philip Branch and Grenville Armitage
balmusawi, pbranch, garmitage@swin.edu.au
Internet for Things (I4T) Research Group
Swinburne University of Technology
http://i4t.swin.edu.au {balmusawi, pbranch, garmitage}@swin.edu.au 12 September 2017 APNIC44
Outline
§ BGP Anomalies
§ Detecting BGP Anomalies using RQA Scheme
§ RQA Scheme Evaluation
§ Real-time BGP Anomaly Detection Tool (RBADT)
§ Conclusion
BGP Anomalies
§ BGP is the Internet's default inter-domain routing protocol
§ Manages Network Reachability Information (NRI) between ASes while guaranteeing that routing loops are avoided
BGP Anomalies
§ BGP is an incremental protocol
§ Routing Information Base (RIB)
§ Updates
BGP Anomalies
§ Real-world BGP traffic contains a substantial volume of traffic that does not appear to be related to events
§ It is difficult to define what is meant by an anomaly
§ We classify BGP traffic into
§ Unstable BGP traffic
§ Anomalous BGP traffic
1. B. Al-Musawi, P. Branch, and G. Armitage, “BGP Anomaly Detection Techniques: A Survey,” IEEE Communications Surveys & Tutorials, vol. 19, no. 1, pp. 377–396, First quarter 2017
BGP Anomalies
§ A single BGP update is categorised as an anomalous update if it
  § Contains an invalid AS number
  § Contains invalid or reserved IP prefixes
  § Contains a prefix announced by an illegitimate AS
§ A set of BGP updates is classified as an anomaly if it
  § Shows a rapid change in the number of BGP updates
  § Contains longest and shortest paths
  § Shows changes in the behaviour of total BGP traffic over time
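The three single-update criteria above, written as a validation check. This is an added example, not code from the presentation or from RBADT; the `AUTHORISED` origin table is a hypothetical stand-in for ROA or IRR data, and the prefixes and AS numbers in it are constructed values, not real allocation records.

```python
import ipaddress

# Special-purpose AS numbers (IANA registry): AS 0, AS_TRANS, and the
# documentation / private-use / reserved ranges, merged where contiguous.
RESERVED_ASNS = [(0, 0), (23456, 23456), (64496, 131071),
                 (4200000000, 4294967295)]

# Address space that should not be announced globally (list is not exhaustive).
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/4",
    "240.0.0.0/4", "2001:db8::/32", "fc00::/7", "fe80::/10")]

# Constructed origin data (assumption): covering prefix -> allowed origin ASes.
AUTHORISED = {"20.10.0.0/16": {3000}}


def check_update(prefix, as_path, authorised=AUTHORISED):
    """Return the reasons one announcement is anomalous (empty list if none)."""
    reasons = []
    # Criterion 1: every AS in the path must be a usable 32-bit AS number.
    if not as_path or any(
            not 0 <= asn <= 0xFFFFFFFF
            or any(lo <= asn <= hi for lo, hi in RESERVED_ASNS)
            for asn in as_path):
        reasons.append("invalid AS number")
    # Criterion 2: the prefix must parse and must not sit in reserved space.
    try:
        net = ipaddress.ip_network(prefix)   # strict: host bits must be zero
    except ValueError:
        return reasons + ["invalid prefix"]
    if any(net.version == b.version and net.subnet_of(b) for b in BOGONS):
        reasons.append("reserved prefix")
    # Criterion 3: the origin (last AS in the path) must be authorised for
    # the prefix. Prefixes with no covering entry are left unjudged.
    covered, allowed = False, set()
    for entry, origins in authorised.items():
        cover = ipaddress.ip_network(entry)
        if cover.version == net.version and net.subnet_of(cover):
            covered = True
            allowed |= origins
    if covered and (not as_path or as_path[-1] not in allowed):
        reasons.append("illegitimate origin AS")
    return reasons
```
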
BGP Anomalies
§ BGP traffic has been characterised as
§ Complex
§ Noisy
§ Voluminous, BGP speakers generate up to a GB of BGP traffic/day
Sample of BGP traffic sent by peer AS197264
BGP Anomalies
§ BGP anomaly detection
§ Can differentiate between unstable and anomalous traffic
§ Can rapidly detect BGP anomalies
§ 20% of anomalies can affect 90% of the Internet in < 2 minutes
§ Is lightweight and can work in real time
1. X. Shi, Y. Xian, Z. Wang, X. Yin, and J. Wu, “Detecting prefix Hijacking in the Internet with Argus,” in Proceedings of the 2012 ACM Conference on Internet Measurement Conference, IMC’12, 2012
Detecting BGP Anomalies using RQA Scheme
§ We model BGP speakers as dynamic systems
§ Our modelling uses phase plane concepts
http://www.acs.psu.edu/drussell/Demos/phase-diagram/phase-diagram.html
Detecting BGP Anomalies using RQA Scheme
§ The outcomes of our modelling
§ Deterministic
§ Stable
§ Non-linear
§ Recurrent
Detecting BGP Anomalies using RQA Scheme
§ Recurrence Quantification Analysis (RQA)
  § An advanced non-linear analysis technique based on phase plane concepts
  § Has multiple measurements
    § RR (recurrence rate), the probability that a system will recur after N time states
    § TT (trapping time), how long a system remains in a specific state
    § T2 (recurrence time of the second type), a measure of the time taken to move from one state to another
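The three measurements listed above, computed from a recurrence matrix built over a per-second BGP update-count series. This is an added example, not the authors' RQA scheme or RBADT code: the sample series, the window width, `eps`, and the baseline-deviation rule in `flag_windows` are assumptions chosen for illustration.

```python
from statistics import median


def recurrence_matrix(series, eps, dim=1, delay=1):
    """Embed the series in phase space and mark pairs of states within eps."""
    n = len(series) - (dim - 1) * delay
    states = [[series[i + k * delay] for k in range(dim)] for i in range(n)]
    return [[int(max(abs(a - b) for a, b in zip(states[i], states[j])) <= eps)
             for j in range(n)] for i in range(n)]


def vertical_runs(matrix):
    """Yield (column, start_row, length) for every vertical run of 1s."""
    n = len(matrix)
    for j in range(n):
        start = None
        for i in range(n + 1):
            hit = i < n and matrix[i][j]
            if hit and start is None:
                start = i
            elif not hit and start is not None:
                yield j, start, i - start
                start = None


def rqa(series, eps, dim=1, delay=1, vmin=2):
    """Return RR, TT and T2 for one window of the series."""
    m = recurrence_matrix(series, eps, dim, delay)
    n = len(m)
    # RR: fraction of state pairs that recur (main diagonal included).
    rr = sum(map(sum, m)) / (n * n)
    runs = list(vertical_runs(m))
    # TT: mean length of vertical runs of at least vmin points, i.e. how long
    # the system stays trapped near one state.
    trapped = [length for _, _, length in runs if length >= vmin]
    tt = sum(trapped) / len(trapped) if trapped else 0.0
    # T2: gap between the starts of successive runs in the same column, i.e.
    # how long the system takes to return after leaving a state.
    gaps = [b[1] - a[1] for a, b in zip(runs, runs[1:]) if a[0] == b[0]]
    t2 = sum(gaps) / len(gaps) if gaps else 0.0
    return {"RR": rr, "TT": tt, "T2": t2}


def flag_windows(series, width, eps, measure="RR", train=3, tol=0.2):
    """Score non-overlapping windows and flag departures from a baseline.

    Assumed rule: the baseline is the median of the first `train` windows,
    which are taken to be clean; a window is flagged when its measurement
    differs from the baseline by more than `tol`.
    """
    scores = [rqa(series[s:s + width], eps)
              for s in range(0, len(series) - width + 1, width)]
    base = median(x[measure] for x in scores[:train])
    return [(i * width, x) for i, x in enumerate(scores)
            if abs(x[measure] - base) > tol]


# Constructed sample: BGP updates per second seen from one peer.
QUIET = [3, 5, 4, 6, 3, 5, 4, 6]       # steady background churn
BURST = [3, 5, 40, 90, 60, 5, 4, 6]    # sudden high volume
SILENT = [0] * 8                       # peer stops sending updates
SAMPLE = QUIET * 3 + BURST + QUIET + SILENT + QUIET

if __name__ == "__main__":
    for start, score in flag_windows(SAMPLE, width=8, eps=1):
        print(f"anomalous window at t={start}s: {score}")
```

A volume threshold alone would catch the burst but not the silent window; the recurrence rate moves away from the baseline in both cases, downwards for the burst and upwards for the silence.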
Detecting BGP Anomalies using RQA
1040-1060 seconds from 1 to 3
Detecting BGP Anomalies using RQA Scheme
RQA Scheme Design
Detecting BGP Anomalies using RQA Scheme
§ BGP Controlled Testbed
§ Lack of time-stamp information for past BGP events
§ Provide ground truth validation
§ Helps to understand BGP behaviour at BGP speaker level
§ It also helps to classify BGP updates
BGP Controlled Testbed
§ Virtual Internet Routing Lab (VIRL)
§ Linux KVM hypervisor
§ OpenStack
§ A set of virtual machines running real Cisco operating systems
§ BRT, a tool to replay past BGP updates with time stamps
§ Uses Net::BGP and Multiprotocol Extensions for BGP, RFC4760
§ Supports different BGP attributes, IPv6 BGP updates and peering
§ Evaluated using real Cisco router, VIRL, and Quagga
BGP Controlled Testbed
After 2950 seconds from injecting BGP traffic
BGP Controlled Testbed
BGP volume and average AS-PATH length features of as20r1
BGP Controlled Testbed
T2 measurement for BGP volume feature
RR measurement for average AS-PATH length feature
RQA Scheme Evaluation
§ TP: Number of anomalies classified as anomalies
§ TN: Number of normal events classified as normal
§ FP: Number of normal events classified as anomalous
§ FN: Number of anomalous events classified as normal
Event | Type of Anomaly | Date
Nimda | DoS attack | September 2001
TTNet | BGP misconfiguration | December 2004
Moscow blackout | Hardware failure | May 2005
TMnet | BGP misconfiguration | June 2015
RQA Scheme Evaluation-TTNet event
BGP Traffic sent by the peer AS12793 at rrc05
RQA Scheme Evaluation-TTNet event
Hidden anomalous behaviour-stop sending BGP updates for two minutes
RQA Scheme Evaluation-TTNet event
Hidden anomalous period in the underlying system behaviour
RQA Scheme Evaluation
§ Applying RQA scheme over 1233794 seconds (14.28 days or 342.72 hours)
§ An average of one FP alarm every 42.84 hours
Event | TP | TN | FP | FN
Nimda | 7 | 421405 | 5 | 0
TTNet | 6 | 85201 | 0 | 0
Moscow blackout | 9 | 597376 | 3 | 0
TMnet | 8 | 85205 | 0 | 0
Summary | 30 | 1233739 | 8 | 0
Real-time BGP Anomaly Detection Tool (RBADT)
§ BGP collector
§ Net::BGP does not support IPv6 prefixes/connections
§ Developed a patch based on Multiprotocol Extensions for BGP, RFC4760
Real-time BGP Anomaly Detection Tool (RBADT)
§ Emulate the TMNet event by injecting BGP traffic using BRT
§ TMNet is an example of BGP misconfiguration
§ AS4788 announced 179,000 prefixes to Level3
§ Significant packet loss
§ Slow Internet service around the world
Real-time BGP Anomaly Detection Tool (RBADT)
§ Detecting high volume of BGP traffic
§ High volume time 3782 seconds, detection time 3784 seconds
BGP Controlled Testbed
§ Detecting hidden anomalous period in the underlying system behaviour
§ 6984-7046 seconds, detection at 7065 seconds
Conclusions
§ BGP is vulnerable to different types of attacks
§ Detecting BGP anomalies is a challenge
§ A technique is needed to rapidly differentiate between unstable and anomalous
BGP traffic
§ BGP speakers are stable, non-linear, and deterministic
§ RQA can rapidly detect BGP anomalies
§ RQA can detect hidden abnormal behaviours that may pass without observation
§ RQA can detect BGP anomalies with an average of one FP alarm every 42.84
hours
Acknowledgements
§ BGP Replay Tool (BRT) v0.2 and RBADT v0.1 (under development) were supported in part by the "APNIC Internet Operations Research Grant" under the ISIF Asia 2016 grant scheme
§ VIRL team at Cisco for providing a free license and support
Useful links and sources
§ Rapid detection of BGP anomalies project: http://caia.swin.edu.au/tools/bgp/brt/
§ B. Al-Musawi, P. Branch, and G. Armitage, “Detecting BGP Instability Using Recurrence Quantification Analysis,” in 34th International Performance Computing and Communications Conference (IPCCC), 14-16 December 2015
§ B. Al-Musawi, P. Branch, and G. Armitage, “BGP Anomaly Detection Techniques: A Survey,” IEEE Communications Surveys & Tutorials, vol. 19, no. 1, pp. 377–396, First quarter 2017
§ B. Al-Musawi, P. Branch, and G. Armitage, “Recurrence Behaviour of BGP Traffic,” in International Telecommunication Networks and Applications Conference (ITNAC) 2017, Melbourne, Australia, 22 November 2017
§ B. Al-Musawi, R. Al-Saadi, P. Branch and G. Armitage, “BGP Replay Tool (BRT) v0.2,” I4T Research Lab, Swinburne University of Technology, Melbourne, Australia, Tech. Rep. I4TRL-TR-170606A, 06 June 2017. [Online]. Available: http://i4t.swin.edu.au/reports/I4TRL-TR-170606A.pdf

Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
 
APNIC Updates presented by Paul Wilson at CaribNOG 27
APNIC Updates presented by Paul Wilson at  CaribNOG 27APNIC Updates presented by Paul Wilson at  CaribNOG 27
APNIC Updates presented by Paul Wilson at CaribNOG 27
 
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 

Recently uploaded

Decentralized Justice in Gaming and Esports
Decentralized Justice in Gaming and EsportsDecentralized Justice in Gaming and Esports
Decentralized Justice in Gaming and Esports
Federico Ast
 
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
dtagbe
 
cyber crime.pptx..........................
cyber crime.pptx..........................cyber crime.pptx..........................
cyber crime.pptx..........................
GNAMBIKARAO
 
KubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial IntelligentKubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial Intelligent
Emre Gündoğdu
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
3a0sd7z3
 
Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
Tarandeep Singh
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
rtunex8r
 
Bangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
Bangalore Call Girls 9079923931 With -Cuties' Hot Call GirlsBangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
Bangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
narwatsonia7
 
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
thezot
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
3a0sd7z3
 
How to make a complaint to the police for Social Media Fraud.pdf
How to make a complaint to the police for Social Media Fraud.pdfHow to make a complaint to the police for Social Media Fraud.pdf
How to make a complaint to the police for Social Media Fraud.pdf
Infosec train
 

Recently uploaded (11)

Decentralized Justice in Gaming and Esports
Decentralized Justice in Gaming and EsportsDecentralized Justice in Gaming and Esports
Decentralized Justice in Gaming and Esports
 
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
 
cyber crime.pptx..........................
cyber crime.pptx..........................cyber crime.pptx..........................
cyber crime.pptx..........................
 
KubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial IntelligentKubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial Intelligent
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
 
Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
 
Bangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
Bangalore Call Girls 9079923931 With -Cuties' Hot Call GirlsBangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
Bangalore Call Girls 9079923931 With -Cuties' Hot Call Girls
 
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
 
How to make a complaint to the police for Social Media Fraud.pdf
How to make a complaint to the police for Social Media Fraud.pdfHow to make a complaint to the police for Social Media Fraud.pdf
How to make a complaint to the police for Social Media Fraud.pdf
 

Rapid Detection of BGP Anomalies

  • 1. Rapid Detection of BGP Anomalies Bahaa Al-Musawi, Philip Branch and Grenville Armitage balmusawi, pbranch, garmitage@swin.edu.au Internet for Things (I4T) Research Group Swinburne University of Technology
  • 2. http://i4t.swin.edu.au {balmusawi, pbranch, garmitage}@swin.edu.au 12 September 2017 APNIC44
      Outline
      § BGP Anomalies
      § Detecting BGP Anomalies using RQA Scheme
      § RQA Scheme Evaluation
      § Real-time BGP Anomaly Detection Tool (RBADT)
      § Conclusion
  • 4. BGP Anomalies
      § BGP is the Internet's default inter-domain routing protocol
      § Manages network reachability information (NRI) between ASes, with guarantees of avoiding routing loops
  • 5. BGP Anomalies
      § BGP is an incremental protocol
          § Routing Information Base (RIB)
          § Updates
  • 7. BGP Anomalies
      § Real-world BGP traffic includes a substantial volume of traffic that does not appear related to events
      § It is difficult to define what is meant by an anomaly
      § We classify BGP traffic into
          § Unstable BGP traffic
          § Anomalous BGP traffic
      1 B. Al-Musawi, P. Branch, and G. Armitage, “BGP Anomaly Detection Techniques: A Survey,” IEEE Communications Surveys Tutorials, vol. 19, no. 1, pp. 377–396, First quarter 2017
  • 8. BGP Anomalies
      § A single BGP update is categorised as an anomalous update if it contains
          § An invalid AS number
          § Invalid or reserved IP prefixes
          § A prefix announced by an illegitimate AS
      § A set of BGP updates is classified as an anomaly if it
          § Shows a rapid change in the number of BGP updates
          § Contains longest and shortest paths
          § Changes the behaviour of total BGP traffic over time
  • 10. BGP Anomalies
      § BGP traffic has been characterised as
          § Complex
          § Noisy
          § Voluminous: BGP speakers generate up to a GB of BGP traffic/day
      Figure: Sample of BGP traffic sent by peer AS197264
  • 11. BGP Anomalies
      § BGP anomaly detection
          § Can differentiate between unstable and anomalous traffic
          § Can rapidly detect BGP anomalies
              § 20% of anomalies can affect 90% of the Internet in < 2 minutes
          § Is lightweight and can work in real time
      1 X. Shi, Y. Xian, Z. Wang, X. Yin, and J. Wu, “Detecting prefix Hijacking in the Internet with Argus,” in Proceedings of the 2012 ACM Conference on Internet Measurement Conference, IMC’12, 2012
  • 12. Outline
      § BGP Anomalies
      § Detecting BGP Anomalies using RQA Scheme
      § RQA Scheme Evaluation
      § Real-time BGP Anomaly Detection Tool (RBADT)
      § Conclusion
  • 13. Detecting BGP Anomalies using RQA Scheme
      § We model BGP speakers as dynamic systems
      § Our modelling uses phase plane concepts
      Figure source: http://www.acs.psu.edu/drussell/Demos/phase-diagram/phase-diagram.html
  • 14. Detecting BGP Anomalies using RQA Scheme
      § We model BGP speakers as dynamic systems
      § Our modelling uses phase plane concepts
      Figure source: https://en.wikipedia.org
  • 15. Detecting BGP Anomalies using RQA Scheme
      § The outcomes of our modelling
          § Deterministic
          § Stable
          § Non-linear
          § Recurrent
  • 16. Detecting BGP Anomalies using RQA Scheme
      § Recurrence Quantification Analysis (RQA)
          § An advanced non-linear analysis technique based on phase plane concepts
          § Has multiple measurements
              § RR, probability that a system will recur after N time states
              § TT, how long a system remains in a specific state
              § T2, a measure of time taken to move from one state to another
  • 17. Detecting BGP Anomalies using RQA Scheme
  • 18. Detecting BGP Anomalies using RQA
      1040-1060 seconds from 1 to 3
  • 19. Detecting BGP Anomalies using RQA Scheme
      RQA Scheme Design
  • 20. Detecting BGP Anomalies using RQA Scheme
      § BGP Controlled Testbed
          § Lack of time-stamp information for past BGP events
          § Provide ground truth validation
          § Helps to understand BGP behaviour at BGP speaker level
          § It also helps to classify BGP updates
  • 21. BGP Controlled Testbed
      § Virtual Internet Routing Lab (VIRL)
          § Linux KVM hypervisor
          § OpenStack
          § A set of virtual machines running real Cisco operating systems
      § BRT, a tool to replay past BGP updates with time stamps
          § Uses Net::BGP and Multiprotocol Extensions for BGP, RFC4760
          § Supports different BGP attributes, IPv6 BGP updates and peering
          § Evaluated using real Cisco router, VIRL, and Quagga
  • 22. BGP Controlled Testbed
  • 23. BGP Controlled Testbed
      After 2950 seconds from injecting BGP traffic
  • 24. BGP Controlled Testbed
      BGP volume and average AS-PATH length features of as20r1
  • 25. BGP Controlled Testbed
      T2 measurement for BGP volume feature
      RR measurement for average AS-PATH length feature
  • 26. Outline
      § BGP Anomalies
      § Detecting BGP Anomalies using RQA Scheme
      § RQA Scheme Evaluation
      § Real-time BGP Anomaly Detection Tool (RBADT)
      § Conclusion
  • 27. RQA Scheme Evaluation
      § TP: Number of anomalies classified as anomalies
      § TN: Number of normal events classified as normal
      § FP: Number of normal events classified as anomalous
      § FN: Number of anomalous events classified as normal
  • 28. RQA Scheme Evaluation
      Event            Type of Anomaly        Date
      Nimda            DoS attack             September 2001
      TTNet            BGP misconfiguration   December 2004
      Moscow blackout  Hardware failure       May 2005
      TMnet            BGP misconfiguration   June 2015
  • 29. RQA Scheme Evaluation - TTNet event
      BGP traffic sent by the peer AS12793 at rrc05
  • 30. RQA Scheme Evaluation - TTNet event
      Hidden anomalous behaviour: the peer stops sending BGP updates for two minutes
  • 31. RQA Scheme Evaluation - TTNet event
      Hidden anomalous period in the underlying system behaviour
  • 32. RQA Scheme Evaluation
      § Applying RQA scheme over 1233794 seconds (14.28 days or 342.72 hours)
      § An average of one FP alarm every 42.84 hours
      Event            TP   TN        FP   FN
      Nimda            7    421405    5    0
      TTNet            6    85201     0    0
      Moscow blackout  9    597376    3    0
      TMnet            8    85205     0    0
      Summary          30   1233739   8    0
  • 33. Outline
      § BGP Anomalies
      § Detecting BGP Anomalies using RQA
      § RQA Scheme Evaluation
      § Real-time BGP Anomaly Detection Tool (RBADT)
      § Conclusion
  • 34. Real-time BGP Anomaly Detection Tool (RBADT)
      § BGP collector
          § Net::BGP does not support IPv6 prefixes/connection
          § Develop a patch based on Multiprotocol Extensions for BGP, RFC4760
  • 35. Real-time BGP Anomaly Detection Tool (RBADT)
      § Emulate TMNet event by injecting BGP traffic using BRT
      § TMNet is an example of BGP misconfiguration
          § AS4788 announced 179,0000 prefixes to Level3
          § Significant packet loss
          § Slow Internet service around the world
  • 36. Real-time BGP Anomaly Detection Tool (RBADT)
  • 37. Real-time BGP Anomaly Detection Tool (RBADT)
      § Detecting high volume of BGP traffic
          § High volume time 3782 seconds, detection time 3784 seconds
  • 38. BGP Controlled Testbed
      § Detecting hidden anomalous period in the underlying system behaviour
          § 6984-7046 seconds; detection at 7065 seconds
  • 39. Outline
      § BGP Anomalies
      § Detecting BGP Anomalies using RQA
      § RQA Scheme Evaluation
      § Real-time BGP Anomaly Detection Tool (RBADT)
      § Conclusions
  • 40. Conclusions
      § BGP is vulnerable to different types of attacks
      § Detecting BGP anomalies is a challenge
      § A technique is needed to rapidly differentiate between unstable and anomalous BGP traffic
      § BGP speakers are stable, non-linear, and deterministic
      § RQA can rapidly detect BGP anomalies
      § RQA can detect hidden abnormal behaviours that may pass without observation
      § RQA can detect BGP anomalies with an average of one FP alarm every 42.84 hours
  • 41. Acknowledgements
      § BGP Replay Tool (BRT) v0.2 and RBADT v0.1 (under development) were supported in part by the "APNIC Internet Operations Research Grant" under the ISIF Asia 2016 grant scheme (ISIF Asia 2016 grant recipients)
      § VIRL team at Cisco for providing free license and support
  • 42. Useful links and sources
      § Rapid detection of BGP anomalies project: http://caia.swin.edu.au/tools/bgp/brt/
      § B. Al-Musawi, P. Branch, and G. Armitage, “Detecting BGP Instability Using Recurrence Quantification Analysis,” in 34th International Performance Computing and Communications Conference (IPCCC), 14 - 16 December 2015
      § B. Al-Musawi, P. Branch, and G. Armitage, “BGP Anomaly Detection Techniques: A Survey,” IEEE Communications Surveys Tutorials, vol. 19, no. 1, pp. 377–396, First quarter 2017
      § B. Al-Musawi, P. Branch, and G. Armitage, “Recurrence Behaviour of BGP Traffic,” in International Telecommunication Networks and Applications Conference (ITNAC) 2017, Melbourne, Australia, 22 November 2017
      § B. Al-Musawi, R. Al-Saadi, P. Branch and G. Armitage, “BGP Replay Tool (BRT) v0.2,” I4T Research Lab, Swinburne University of Technology, Melbourne, Australia, Tech. Rep. I4TRL-TR-170606A, 06 June 2017. [Online]. Available: http://i4t.swin.edu.au/reports/I4TRL-TR-170606A.pdf
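
The RR and TT measures named on slide 16, computed over a sliding window of per-second BGP update counts, as an added example that is not the authors' RQA scheme or RBADT code. The feed is constructed, and the embedding parameters, the 60-second window and the TT alarm rule are assumptions; T2 is left out. It reproduces the "hidden" case of slides 30 and 38, where a peer stops sending updates for two minutes.

```python
"""RR and TT over sliding windows of per-second BGP update counts (added example)."""

def embed(series, dim=2, delay=1):
    """Time-delay embedding: turn a scalar series into phase-space states."""
    n = len(series) - (dim - 1) * delay
    return [tuple(series[i + k * delay] for k in range(dim)) for i in range(n)]

def recurrence_matrix(states, eps):
    """R[i][j] is True when states i and j lie within eps (maximum norm)."""
    return [[max(abs(a - b) for a, b in zip(si, sj)) <= eps for sj in states]
            for si in states]

def recurrence_rate(R):
    """RR: share of state pairs that recur, main diagonal excluded."""
    n = len(R)
    hits = sum(R[i][j] for i in range(n) for j in range(n) if i != j)
    return hits / (n * (n - 1))

def trapping_time(R, vmin=2):
    """TT: mean length of vertical lines of at least vmin points."""
    runs = []
    for j in range(len(R)):
        run = 0
        for i in range(len(R)):
            if R[i][j]:
                run += 1
                continue
            if run >= vmin:
                runs.append(run)
            run = 0
        if run >= vmin:          # a line that reaches the bottom edge
            runs.append(run)
    return sum(runs) / len(runs) if runs else 0.0

def rqa_windows(counts, window=60, step=20, eps=1):
    """Yield (window_start, RR, TT) for each sliding window of the feed."""
    for start in range(0, len(counts) - window + 1, step):
        R = recurrence_matrix(embed(counts[start:start + window]), eps)
        yield start, recurrence_rate(R), trapping_time(R)

def detect(counts, tt_alarm=10.0, window=60, step=20):
    """Assumed alarm rule: flag a window whose TT reaches tt_alarm seconds.

    Returns (window_start, alarm_time); the alarm fires when the window closes.
    """
    return [(s, s + window) for s, _, tt in rqa_windows(counts, window, step)
            if tt >= tt_alarm]

def constructed_feed(length=600, quiet=(300, 420)):
    """Constructed data: a repeating update pattern, silent for two minutes."""
    pattern = [4, 9, 2, 7, 12]   # updates per second, made up for the example
    return [0 if quiet[0] <= t < quiet[1] else pattern[t % 5]
            for t in range(length)]

if __name__ == "__main__":
    feed = constructed_feed()
    for start, rr, tt in rqa_windows(feed):
        print(f"t={start:3d}-{start + 60:3d}s  RR={rr:.3f}  TT={tt:5.1f}")
    print("alarms:", detect(feed))
```

During the silence every state is identical, so the vertical lines in the recurrence matrix grow and TT climbs, and the first alarm closes 20 seconds after the peer goes quiet.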