Bayesian detection of router configuration anomalies

Khalid El-Arini, Kevin Killourhy
2005 Proceeding of the 2005 ACM SIGCOMM workshop on Mining network data - MineNet '05  
Problems arising from router misconfigurations cost time and money. The first step in fixing such misconfigurations is finding them. Previous efforts to solve this problem have depended on an a priori model of what constitutes a correct configuration and are limited to finding deviations from this model, but fail to detect misconfigurations that are uncommon or unexpected. In this paper, we propose a method for detecting misconfigurations that does not rely on a priori expectations of their ... Our hypothesis is that misconfigurations in router data can be identified as statistical anomalies within a Bayesian framework. We present three detection algorithms based on this framework and show that they are able to detect errors in the router configuration files of a university network. We show how these algorithms detect certain types of misconfiguration successfully, and discuss how they could be extended to detect more subtle misconfigurations.
doi:10.1145/1080173.1080190 dblp:conf/minenet/El-AriniK05 fatcat:kddto7nexfaolngaovfki4urey