The state of the art in BGP visualization tools: A mapping of visualization techniques to cyberattack types

State of the Art survey on Border Gateway Protocol security visualization tools
Parallel timeline of attacks on the BGP system (bottom) and the tools that have been proposed to visualize them (top). The bottom nodes and the corresponding edges are colored categorically by the type of attack. Each tool is connected to the specific attacks that were used to demonstrate or validate the tool design and is colored to show the number of connected attacks. We have also encoded the edges that connect the specific tools to the attacks with color indicating the attack type to help show patterns in how tool development is changing over time and to answer the question of whether or not the tools are evolving with the threat landscape.
Internet routing is largely dependent on Border Gateway Protocol (BGP). However, BGP does not have any inherent authentication or integrity mechanisms that help make it secure. Effective security is challenging or infeasible to implement due to high costs, policy employment in these distributed systems, and unique routing behavior. Visualization tools provide an attractive alternative to traditional security approaches. Several BGP security visualization tools have been developed as a stop-gap in the face of ever-present BGP attacks. Even though the target users, tasks, and domain remain largely consistent across such tools, many diverse visualization designs have been proposed. The purpose of this study is to provide an initial formalization of methods and visualization techniques for BGP cybersecurity analysis. Using PRISMA guidelines, we provide a systematic review and survey of 29 BGP visualization tools with their tasks, implementation techniques, and the attacks and anomalies that they were intended for. We focused on BGP visualization tools as the main inclusion criterion to best capture the visualization techniques used in this domain while excluding solely algorithmic solutions and other detection tools that do not involve user interaction or interpretation. We take the unique approach of connecting (1) the actual BGP attacks and anomalies used to validate existing tools with (2) the techniques employed to detect them. In this way, we contribute an analysis of which techniques can be used for each attack type. Furthermore, we can see the evolution of visualization solutions in this domain as new attack types are discovered. This systematic review provides the groundwork for future designers and researchers building visualization tools for providing BGP cybersecurity, including an understanding of the state of the art in this space and an analysis of what techniques are appropriate for each attack type.
Our novel security visualization survey methodology—connecting visualization techniques with appropriate attack types—may also assist future researchers conducting systematic reviews of security visualizations. All supplemental materials are available at

Cody Dunne, Vis Lab — Northeastern University