
Detecting network-wide and router-specific misconfigurations through data mining

Published: 01 February 2009

Abstract

Recent studies have shown that router misconfigurations are common and can have dramatic consequences for the operation of a network. Misconfigurations can compromise the security of an entire network or even cause global disruptions to Internet connectivity. Several solutions have been proposed. They can detect a number of problems in real configuration files. However, these solutions share a common limitation: they are based on rules which need to be known beforehand. Violations of these rules are deemed misconfigurations. As policies typically differ among networks, these approaches are limited in the scope of mistakes they can detect. In this paper, we address the problem of router misconfigurations using data mining. We apply association rule mining to the configuration files of routers across an administrative domain to discover local, network-specific policies. Deviations from these local policies are potential misconfigurations. We have evaluated our scheme on configuration files from a large state-wide network provider, a large university campus and a high-performance research network. In this evaluation, we focused on three aspects of the configurations: user accounts, interfaces and BGP sessions. User accounts specify the users that can access the router and define the authorized commands. Interfaces are the ports used by routers to connect to different networks. Each interface may support a number of services and run various routing protocols. BGP sessions are the connections with neighboring autonomous systems (AS). BGP sessions implement the routing policies which select the routes that are filtered and the ones that are advertised to the BGP neighbors. We included the routing policies in our study. The results are promising. We discovered a number of errors that were confirmed and corrected by the network administrators. These errors would have been difficult to detect with current predefined rule-based approaches.
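As an added illustration (not the paper's code or data), the following Python sketch applies the abstract's idea to constructed Cisco-style interface stanzas: each interface becomes a transaction, single-antecedent association rules are mined with support and confidence thresholds (a simplification of Agrawal-style rule mining; the paper's own feature extraction and thresholds are not reproduced), and interfaces that violate a high-confidence rule are reported as candidate misconfigurations for operator review.

```python
from collections import defaultdict
from itertools import combinations

# Constructed Cisco-style stanzas (not taken from the paper). Each interface is
# one transaction whose items are the commands under it; Gi0/5 is deliberately
# missing the "no ip proxy-arp" line that every other edge interface carries.
SAMPLE_CONFIG = "\n".join(
    f"interface Gi0/{n}\n ip access-group EDGE-IN in\n no ip directed-broadcast"
    + ("" if n == 5 else "\n no ip proxy-arp") + "\n!"
    for n in range(1, 7)
) + "\ninterface Lo0\n ip address 10.0.0.1 255.255.255.255\n!"

def parse_interfaces(text):
    """Return {interface name: frozenset of the commands configured under it}."""
    transactions, name = {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            name = line.split()[1]
            transactions[name] = set()
        elif line.strip() == "!":
            name = None
        elif line.startswith(" ") and name is not None:
            transactions[name].add(line.strip())
    return {k: frozenset(v) for k, v in transactions.items()}

def mine_rules(transactions, min_support=3, min_confidence=0.8):
    """Single-antecedent rules a -> b, kept when support(a, b) >= min_support
    and confidence = support(a, b) / support(a) >= min_confidence."""
    single, pair = defaultdict(int), defaultdict(int)
    for items in transactions.values():
        for a in items:
            single[a] += 1
        for a, b in combinations(sorted(items), 2):
            pair[(a, b)] += 1
            pair[(b, a)] += 1
    return [(a, b, n, n / single[a]) for (a, b), n in pair.items()
            if n >= min_support and n / single[a] >= min_confidence]

def find_deviations(transactions, rules):
    """Interfaces that carry a rule's antecedent but lack its consequent:
    these are the candidate misconfigurations an operator should review."""
    return sorted((name, a, b) for name, items in transactions.items()
                  for a, b, _, _ in rules if a in items and b not in items)

if __name__ == "__main__":
    tx = parse_interfaces(SAMPLE_CONFIG)
    for name, a, b in find_deviations(tx, mine_rules(tx)):
        print(f"{name}: has '{a}' but not '{b}'")
```

A flagged deviation is only a candidate: as in the paper's evaluation, each one still needs confirmation by the network administrators, since an interface may legitimately differ from the local norm.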




Published In

IEEE/ACM Transactions on Networking, Volume 17, Issue 1, February 2009, 346 pages

Publisher

IEEE Press

Publication History

Published: 01 February 2009
Revised: 05 June 2007
Received: 28 November 2006
Published in TON Volume 17, Issue 1

Author Tags

  1. association rules mining
  2. error detection
  3. network management
  4. static analysis



Cited By

  • (2024) Accelerating ACL Configuration Update through Data Plane Analysis. Proceedings of the 2024 SIGCOMM Workshop on Formal Methods Aided Network Operation, pp. 48-50. doi:10.1145/3672199.3673888. Online publication date: 4-Aug-2024.
  • (2020) Finding network misconfigurations by automatic template inference. Proceedings of the 17th Usenix Conference on Networked Systems Design and Implementation, pp. 999-1014. doi:10.5555/3388242.3388313. Online publication date: 25-Feb-2020.
  • (2016) Analysis of Ant Colony Optimization-based routing in optical networks in the presence of byzantine failures. Information Sciences: an International Journal, vol. 340:C, pp. 27-40. doi:10.1016/j.ins.2016.01.008. Online publication date: 1-May-2016.
  • (2015) Privacy-preserving quantification of cross-domain network reachability. IEEE/ACM Transactions on Networking, vol. 23, no. 3, pp. 946-958. doi:10.1109/TNET.2014.2320981. Online publication date: 1-Jun-2015.
  • (2014) Data-driven Study of Network Administration in the Evolving Landscape of Software Defined Networking. Proceedings of the 2014 Workshop on Human Centered Big Data Research, pp. 14-18. doi:10.1145/2609876.2609880. Online publication date: 1-Apr-2014.
  • (2014) Automatic test packet generation. IEEE/ACM Transactions on Networking, vol. 22, no. 2, pp. 554-566. doi:10.1109/TNET.2013.2253121. Online publication date: 1-Apr-2014.
  • (2013) What you want is not what you get. Proceedings of the 2013 ACM workshop on Artificial intelligence and security, pp. 13-24. doi:10.1145/2517312.2517317. Online publication date: 4-Nov-2013.
  • (2012) Automatic test packet generation. Proceedings of the 8th international conference on Emerging networking experiments and technologies, pp. 241-252. doi:10.1145/2413176.2413205. Online publication date: 10-Dec-2012.
  • (2012) Discovering access-control misconfigurations. Proceedings of the second ACM conference on Data and Application Security and Privacy, pp. 95-104. doi:10.1145/2133601.2133613. Online publication date: 7-Feb-2012.
  • (2010) Uncertainty in interdependent security games. Proceedings of the First international conference on Decision and game theory for security, pp. 234-244. doi:10.5555/1947915.1947937. Online publication date: 22-Nov-2010.
