VIS-SENSE

Border Gateway Protocol visualization

BGP (Border Gateway Protocol) visualization for the detection and attribution of BGP MOAS (Multiple Origin ASes) incidents. Multiple features are extracted from the BGP announcements that quantify the degree of anomaly of each MOAS event. These features are visualized using a parallel coordinates visualization, which further facilitates the task of filtering and focusing on the most important MOAS incidents. The graph based visualization depicts the ASes (Autonomous Systems) that are involved in each event.

This specific video illustrates the steps followed by the analyst so as to focus on the most interesting event and detect the famous “Pakistan-YouTube” hijacking incident, which occurred on 24-Feb-2008.

 

BGP visualization video