What is the time-interval threshold to determine whether we consider
Download
Report
Transcript What is the time-interval threshold to determine whether we consider
A Visual Exploration Process for the
Analysis of Internet Routing Data
Soon Tee Teoh
Kwan-Liu Ma
S. Felix Wu
Presented by Zhenzhen Yan
April. 11, 2007
Problem
• Protect Internet against various forms
of attacks, malicious uses, and errors.
• Interactive visualization for the
analysis of Internet routing data.
Motivation
The Internet pervades many aspects
of our lives:
• Commerce -An Accenture survey has found that the majority of
consumers use the Internet as part of the shopping process even if
they go to stores to purchase or pick up items.
• Education
• Government
• Production and general information
dissemination
Motivation Cont’d
• The Internet is vulnerable to attacks
and errors.
-Researchers Estimate Worst-Case Worm
Damage at $50 Billion (ENT news).
-Affect people in other unquantifiable ways.
IP Prefix
Example:
128.120.0.0/16
128.120.
AS
• One or more networks within a single
administrative domain is referred to as an
Autonomous System (AS), and is
assigned a unique AS number.
BGP
• Border Gateway Protocol (BGP) is used to
exchange network reachability information
so that routers can eventually forward data
packets to the correct destination.
BGP announcement
Example:
128.120.0.0/16: (7,23,92)
AS-7
AS-23
128.120.0.0/16: WD
AS-92 (Origin)
(no longer reachable)
The Data
• The Oregon Route Views server
• 2000 and 2001
• Observation point
Approach
1. Aggregate Data Browsing Module
“Are there any patterns or clusters in the timing
of the announcements?”
2. Route Announcement Module
What is the time-interval threshold to
determine whether we consider a
sequence of announcements part of the
same “event”?
3. Node/Link Visualization Module
4. Peer-Comparison Module
5. Events Visualization module
Evaluation
• The user has been able to detect instances of known
types of instability events as well as identify new types,
and further classify known types.
• The user was able to quickly identify faster paths,
preferred paths, slow points, points of failure, as well as
hypothesize about the sequence of events that led to the
observations. The user also discovered new sub-classes
of instability events through visualization.
• Very positive feedback from the network analysts and
Internet researchers who have seen and used the
visualization software.
Conclusions
•
•
•
•
Two-level (overview+detail) system.
Visualize text with timestamps.
Arcs visualization.
EventShrubs.
Questions
• Why do the EventShrubs of Terralycos and
Yahoo (Microsoft and Realnetworks) show
similarity?
• What will you do to better evaluate these
methods?
• What other applications are likely to use
these interactive visualization techniques?