Detecting network-wide and router-specific misconfigurations through data mining

Source: IEEE/ACM Transactions on Networking (TON), Volume 17, Issue 1 (February 2009), Pages 66-79
Year of Publication: 2009
ISSN: 1063-6692

Authors:
Franck Le, Carnegie Mellon University, Pittsburgh, PA
Sihyung Lee, Carnegie Mellon University, Pittsburgh, PA
Tina Wong, Carnegie Mellon University, Pittsburgh, PA
Hyong S. Kim, Carnegie Mellon University, Pittsburgh, PA
Darrell Newcomb, Network Operations, Corporation for Education Network Initiatives in California, Cypress, CA

Publisher: IEEE Press, Piscataway, NJ, USA

Bibliometrics: Downloads (6 Weeks): 20, Downloads (12 Months): 180, Citation Count: 0

ABSTRACT
Recent studies have shown that router misconfigurations are common and can have dramatic consequences to the operations of a network. Misconfigurations can compromise the security of an entire network or even cause global disruptions to Internet connectivity. Several solutions have been proposed. They can detect a number of problems in real configuration files. However, these solutions share a common limitation: they are based on rules which need to be known beforehand. Violations of these rules are deemed misconfigurations. As policies typically differ among networks, these approaches are limited in the scope of mistakes they can detect. In this paper, we address the problem of router misconfigurations using data mining. We apply association rules mining to the configuration files of routers across an administrative domain to discover local, network-specific policies. Deviations from these local policies are potential misconfigurations. We have evaluated our scheme on configuration files from a large state-wide network provider, a large university campus and a high-performance research network. In this evaluation, we focused on three aspects of the configurations: user accounts, interfaces and BGP sessions. User accounts specify the users that can access the router and define the authorized commands. Interfaces are the ports used by routers to connect to different networks. Each interface may support a number of services and run various routing protocols. BGP sessions are the connections with neighboring autonomous systems (AS). BGP sessions implement the routing policies which select the routes that are filtered and the ones that are advertised to the BGP neighbors. We included the routing policies in our study. The results are promising. We discovered a number of errors that were confirmed and corrected by the network administrators. These errors would have been difficult to detect with current predefined rule-based approaches.
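
The idea in the abstract, shown as an added example that is not taken from the paper: mine association rules over user-account attributes collected from several routers, then report accounts that match a rule's antecedent but lack its consequent. The attribute names, the sample accounts, the thresholds and the function names are all assumptions made for illustration; the paper's own algorithm and parameters are not given on this page.

```python
from collections import Counter
from itertools import combinations

# Constructed sample: one transaction per (router, account); items are attribute=value.
ACCOUNTS = {(f"r{i}", u): {f"user={u}", f"class={c}"}
            for i in range(1, 7)
            for u, c in (("admin", "super-user"), ("monitor", "read-only"))}
ACCOUNTS[("r6", "monitor")] = {"user=monitor", "class=super-user"}  # the outlier

def mine_rules(transactions, min_support=4, min_conf=0.8, max_len=3):
    """Return {(antecedent frozenset, consequent item): confidence}.
    min_support is a count of transactions containing the antecedent (assumed threshold)."""
    counts = Counter()
    for items in transactions.values():
        for k in range(1, max_len + 1):
            counts.update(frozenset(c) for c in combinations(sorted(items), k))
    rules = {}
    for itemset, n in counts.items():
        if len(itemset) < 2:
            continue
        for consequent in itemset:
            antecedent = itemset - {consequent}
            if counts[antecedent] >= min_support:
                conf = n / counts[antecedent]
                if conf >= min_conf:
                    rules[(antecedent, consequent)] = conf
    return rules

def find_deviations(transactions, rules):
    """Map each transaction to the near-universal rules (confidence < 1) it breaks."""
    findings = {}
    for (antecedent, consequent), conf in rules.items():
        if conf == 1.0:
            continue  # a rule that always holds has no deviations
        for key, items in transactions.items():
            if antecedent <= items and consequent not in items:
                findings.setdefault(key, []).append(
                    (sorted(antecedent), consequent, round(conf, 2)))
    return findings

if __name__ == "__main__":
    for key, broken in find_deviations(ACCOUNTS, mine_rules(ACCOUNTS)).items():
        print(key, broken)
```

No rule about the "monitor" account is written in advance: the read-only policy is inferred from the five routers that agree, and the sixth is reported for an administrator to confirm or dismiss.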