DOI: 10.1145/1162678.1162681

Minerals: using data mining to detect router misconfigurations

Published: 11 September 2006

Abstract

Recent studies have shown that router misconfigurations are common and have dramatic consequences for the operations of networks. Not only can misconfigurations compromise the security of a single network, they can even cause global disruptions in Internet connectivity. Several solutions have been proposed that can detect a number of problems in real configuration files. However, these solutions share a common limitation: they are rule-based. Rules are assumed to be known beforehand, and violations of these rules are deemed misconfigurations. As policies typically differ among networks, rule-based approaches are limited in the scope of mistakes they can detect. In this paper, we address the problem of router misconfigurations using data mining. We apply association rules mining to the configuration files of routers across an administrative domain to discover local, network-specific policies. Deviations from these local policies are potential misconfigurations. We have evaluated our scheme on configuration files from a large state-wide network provider, a large university campus and a high-performance research network, and found promising results. We discovered a number of errors that were confirmed and later corrected by the network engineers. These errors would have been difficult to detect with current rule-based approaches.
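
The idea in the abstract, sketched as an added example (this is not the authors' implementation): each router's configuration is reduced to a set of items, rules of the form "routers with A usually also have B" are mined across the domain, and routers that break a high-confidence rule are reported for review. The single-item rules, the thresholds, the hostnames and the configuration statements are all assumptions made for this illustration.

```python
from itertools import permutations

# Constructed sample: each router's configuration reduced to a set of
# attribute items. Hostnames and statements are illustrative assumptions.
CORE = {"router bgp", "neighbor maximum-prefix",
        "service password-encryption", "ntp server"}
CONFIGS = {
    "core1": set(CORE), "core2": set(CORE),
    "core3": set(CORE), "core4": set(CORE),
    "core5": CORE - {"neighbor maximum-prefix"},   # BGP without a prefix limit
    "access1": {"service password-encryption", "ntp server"},
    "access2": {"ntp server"},                      # no password encryption
    "access3": {"service password-encryption", "ntp server"},
}

def mine_rules(configs, min_support=3, min_confidence=0.75):
    """Mine single-item rules A -> B ("routers with A usually also have B")."""
    items = sorted(set().union(*configs.values()))
    rules = []
    for a, b in permutations(items, 2):
        with_a = [name for name, cfg in configs.items() if a in cfg]
        both = [name for name in with_a if b in configs[name]]
        confidence = len(both) / len(with_a)
        # Keep only rules seen often enough to look like a local policy.
        if len(both) >= min_support and confidence >= min_confidence:
            rules.append((a, b, len(both), confidence))
    return rules

def find_deviations(configs, rules):
    """Report routers that match a rule's antecedent but lack its consequent."""
    findings = []
    for a, b, _support, confidence in rules:
        for name in sorted(configs):
            if a in configs[name] and b not in configs[name]:
                findings.append((name, a, b, round(confidence, 3)))
    return findings

if __name__ == "__main__":
    for name, a, b, conf in find_deviations(CONFIGS, mine_rules(CONFIGS)):
        print(f"{name}: has '{a}' but lacks '{b}' (rule confidence {conf})")
```

No rule here was written in advance: "BGP routers set a maximum-prefix limit" emerges from the data, which is what lets this approach flag network-specific deviations that a fixed rule set would not know to look for. Each finding is a candidate for an engineer to confirm, not a verdict.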

Published In

MineNet '06: Proceedings of the 2006 SIGCOMM workshop on Mining network data
September 2006
66 pages
ISBN: 159593569X
DOI: 10.1145/1162678

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. association rules mining
  2. network misconfiguration
  3. routers
  4. static analysis

Conference

SIGCOMM06: ACM SIGCOMM 2006 Conference
September 11 - 15, 2006
Pisa, Italy
