Analysis of intrusion detection system (IDS) in border gateway protocol

Publication Type:
Thesis
Issue Date:
2012
Full metadata record
Border Gateway Protocol (BGP) is the de-facto inter-domain routing protocol used across thousands of Autonomous Systems (AS) joined together in the Internet. The main purpose of BGP is to keep routing information up-to-date across the Autonomous System (AS) and provide a loop free path to the destination. Internet connectivity plays a vital role in organizations such as in businesses, universities and government organisations for exchanging information. This type of information is exchanged over the Internet in the form of packets, which contain the source and destination addresses. Because the Internet is a dynamic and sensitive system which changes continuously, it is therefore necessary to protect the system from intruders. Security has been a major issue for BGP. Nevertheless, BGP suffers from serious threats even today, DoS attack is the major security threat to the Internet today, among which, is the TCP SYN flooding, the most common type of attack. The aim of this DoS attack is to consume large amounts of bandwidth. Any system connected to the Internet and using TCP services are prone to such attacks. It is important to detect such malicious activities in a network, which could otherwise cause problems for the availability of services. This thesis proposes and implements two new security methods for the protection of BGP data plane, “Analysis of BGP Security Vulnerabilities” and “Border Gateway Protocol Anomaly Detection using Failure Quality Control Method” to detect the malicious packets and the anomaly packets in the network. The aim of this work is to combine the algorithms with the Network Data Mining (NDM) method to detect the malicious packets in the BGP network. Furthermore, these patterns can be used in the database as a signature to capture the incidents in the future.
Please use this identifier to cite or link to this item: