The State of the Art in BGP Visualization Tools: A Mapping of Visualization Techniques to Cyberattack Types



Justin Raynor, Tarik Crnovrsanin, Sara Di Bartolomeo, Laura South, David Saffo, Cody Dunne

 View presentation:2022-10-20T20:45:00ZGMT-0600Change your timezone on the schedule page
2022-10-20T20:45:00Z

Exemplar figure, described by caption below — Parallel timeline of attacks on the BGP system (bottom) and the tools that have been proposed to visualize them (top). The bottom nodes and the corresponding edges are colored categorically by the type of attack. Each tool is connected to the specific attacks that were used to demonstrate or validate the tool design and are colored to show the number of connected attacks. We have also encoded the edges that connect the specific tools to the attacks with color indicating the attack type to help show patterns in how tool development is changing over time and to answer the question of whether or not the tools are evolving with the threat landscape.

Prerecorded Talk

The live footage of the talk, including the Q&A, can be viewed on the session page, Infrastructure Management.

Fast forward

Abstract

Internet routing is largely dependent on Border Gateway Protocol (BGP). However, BGP does not have any inherent authentication or integrity mechanisms that help make it secure. Effective security is challenging or infeasible to implement due to high costs, policy employment in these distributed systems, and unique routing behavior. Visualization tools provide an attractive alternative in lieu of traditional security approaches. Several BGP security visualization tools have been developed as a stop-gap in the face of ever-present BGP attacks. Even though the target users, tasks, and domain remain largely consistent across such tools, many diverse visualization designs have been proposed. The purpose of this study is to provide an initial formalization of methods and visualization techniques for BGP cybersecurity analysis. Using PRISMA guidelines, we provide a systematic review and survey of 29 BGP visualization tools with their tasks, implementation techniques, and attacks and anomalies that they were intended for. We focused on BGP visualization tools as the main inclusion criteria to best capture the visualization techniques used in this domain while excluding solely algorithmic solutions and other detection tools that do not involve user interaction or interpretation. We take the unique approach of connecting (1) the actual BGP attacks and anomalies used to validate existing tools with (2) the techniques employed to detect them. In this way, we contribute an analysis of which techniques can be used for each attack type. Furthermore, we can see the evolution of visualization solutions in this domain as new attack types are discovered. This systematic review provides the groundwork for future designers and researchers building visualization tools for providing BGP cybersecurity, including an understanding of the state-of-the-art in this space and an analysis of what techniques are appropriate for each attack type. Our novel security visualization survey methodology---connecting visualization techniques with appropriate attack types---may also assist future researchers conducting systematic reviews of security visualizations. All supplemental materials are available at https://osf.io/tupz6/.