Combining visual and automated data mining for near-real-time anomaly detection and analysis in BGP

Soon Tee Teoh; Ke Zhang; Shih Ming Tseng; Kwan Liu Ma; S. Felix Wu

doi:10.1145/1029208.1029215

Combining visual and automated data mining for near-real-time anomaly detection and analysis in BGP

Soon Tee Teoh
, Ke Zhang
, Shih Ming Tseng
, Kwan Liu Ma
, S. Felix Wu

Department of Electrical Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

54 Citations (Scopus)

Abstract

The security of Internet routing is a major concern because attacks and errors can result in data packets not reaching their intended destination and/ or falling into the wrong hands. A key step in improving routing security is to analyze and understand it. In the past, we and other researchers have presented various visual-based, statistical-based, and signature-based methods of analyzing Internet routing data. In this paper, we describe an integration of visual and automated data mining methods for discovering and investigating anomalies in Internet routing. We show how these different components are combined in such a way as to complement each other, creating a very effective and useful analysis tool. In addition to performing analysis on archived data, our system is able to collect, process and visualize data in near-real-time.

Original language	English
Title of host publication	VizSEC/DMSEC '04
Subtitle of host publication	Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security
Publisher	Association for Computing Machinery
Pages	35-44
Number of pages	10
ISBN (Print)	1581139748, 9781581139747
DOIs	https://doi.org/10.1145/1029208.1029215
Publication status	Published - 2004
Event	VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security - Washington, DC, United States Duration: 2004 Oct 29 → 2004 Oct 29

Publication series

Name	VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security

Conference

Conference	VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security
Country/Territory	United States
City	Washington, DC
Period	04-10-29 → 04-10-29

All Science Journal Classification (ASJC) codes

General Engineering

Access to Document

10.1145/1029208.1029215

Cite this

Teoh, S. T., Zhang, K., Tseng, S. M., Ma, K. L., & Wu, S. F. (2004). Combining visual and automated data mining for near-real-time anomaly detection and analysis in BGP. In VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security (pp. 35-44). (VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security). Association for Computing Machinery. https://doi.org/10.1145/1029208.1029215

Teoh, Soon Tee ; Zhang, Ke ; Tseng, Shih Ming et al. / Combining visual and automated data mining for near-real-time anomaly detection and analysis in BGP. VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security. Association for Computing Machinery, 2004. pp. 35-44 (VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security).

@inproceedings{5309908177254a06ad5502b8991e349f,

title = "Combining visual and automated data mining for near-real-time anomaly detection and analysis in BGP",

abstract = "The security of Internet routing is a major concern because attacks and errors can result in data packets not reaching their intended destination and/ or falling into the wrong hands. A key step in improving routing security is to analyze and understand it. In the past, we and other researchers have presented various visual-based, statistical-based, and signature-based methods of analyzing Internet routing data. In this paper, we describe an integration of visual and automated data mining methods for discovering and investigating anomalies in Internet routing. We show how these different components are combined in such a way as to complement each other, creating a very effective and useful analysis tool. In addition to performing analysis on archived data, our system is able to collect, process and visualize data in near-real-time.",

author = "Teoh, \{Soon Tee\} and Ke Zhang and Tseng, \{Shih Ming\} and Ma, \{Kwan Liu\} and Wu, \{S. Felix\}",

year = "2004",

doi = "10.1145/1029208.1029215",

language = "English",

isbn = "1581139748",

series = "VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security",

publisher = "Association for Computing Machinery",

pages = "35--44",

booktitle = "VizSEC/DMSEC '04",

note = "VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security ; Conference date: 29-10-2004 Through 29-10-2004",

}

Teoh, ST, Zhang, K, Tseng, SM, Ma, KL & Wu, SF 2004, Combining visual and automated data mining for near-real-time anomaly detection and analysis in BGP. in VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security. VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, Association for Computing Machinery, pp. 35-44, VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, Washington, DC, United States, 04-10-29. https://doi.org/10.1145/1029208.1029215

Combining visual and automated data mining for near-real-time anomaly detection and analysis in BGP. / Teoh, Soon Tee; Zhang, Ke; Tseng, Shih Ming et al.
VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security. Association for Computing Machinery, 2004. p. 35-44 (VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Combining visual and automated data mining for near-real-time anomaly detection and analysis in BGP

AU - Teoh, Soon Tee

AU - Zhang, Ke

AU - Tseng, Shih Ming

AU - Ma, Kwan Liu

AU - Wu, S. Felix

PY - 2004

Y1 - 2004

N2 - The security of Internet routing is a major concern because attacks and errors can result in data packets not reaching their intended destination and/ or falling into the wrong hands. A key step in improving routing security is to analyze and understand it. In the past, we and other researchers have presented various visual-based, statistical-based, and signature-based methods of analyzing Internet routing data. In this paper, we describe an integration of visual and automated data mining methods for discovering and investigating anomalies in Internet routing. We show how these different components are combined in such a way as to complement each other, creating a very effective and useful analysis tool. In addition to performing analysis on archived data, our system is able to collect, process and visualize data in near-real-time.

AB - The security of Internet routing is a major concern because attacks and errors can result in data packets not reaching their intended destination and/ or falling into the wrong hands. A key step in improving routing security is to analyze and understand it. In the past, we and other researchers have presented various visual-based, statistical-based, and signature-based methods of analyzing Internet routing data. In this paper, we describe an integration of visual and automated data mining methods for discovering and investigating anomalies in Internet routing. We show how these different components are combined in such a way as to complement each other, creating a very effective and useful analysis tool. In addition to performing analysis on archived data, our system is able to collect, process and visualize data in near-real-time.

UR - https://www.scopus.com/pages/publications/13944272563

UR - https://www.scopus.com/pages/publications/13944272563#tab=citedBy

U2 - 10.1145/1029208.1029215

DO - 10.1145/1029208.1029215

M3 - Conference contribution

AN - SCOPUS:13944272563

SN - 1581139748

SN - 9781581139747

T3 - VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security

SP - 35

EP - 44

BT - VizSEC/DMSEC '04

PB - Association for Computing Machinery

T2 - VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security

Y2 - 29 October 2004 through 29 October 2004

ER -

Teoh ST, Zhang K, Tseng SM, Ma KL, Wu SF. Combining visual and automated data mining for near-real-time anomaly detection and analysis in BGP. In VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security. Association for Computing Machinery. 2004. p. 35-44. (VizSEC/DMSEC '04: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security). doi: 10.1145/1029208.1029215

Combining visual and automated data mining for near-real-time anomaly detection and analysis in BGP

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this