The state of the art in BGP visualization tools: A mapping of visualization techniques to cyberattack types

@Article{Raynor2022StateArtBgp,
  author   = {Raynor, Justin and Crnovrsanin, Tarik and Di~Bartolomeo, Sara and South, Laura and Saffo, David and Dunne, Cody},
  journal  = {IEEE Transactions on Visualization and Computer Graphics},
  title    = {The state of the art in {BGP} visualization tools: a mapping of visualization techniques to cyberattack types},
  year     = {2022},
  note     = {VIS '22. Preprint \& supplemental material: \url{https://osf.io/tupz6/}},
  pages    = {1--11},
  abstract = {Internet routing is largely dependent on Border Gateway Protocol (BGP). However, BGP does not have any inherent authentication or integrity mechanisms that help make it secure. Effective security is challenging or infeasible to implement due to high costs, policy employment in these distributed systems, and unique routing behavior. Visualization tools provide an attractive alternative in lieu of traditional security approaches. Several BGP security visualization tools have been developed as a stop-gap in the face of ever-present BGP attacks. Even though the target users, tasks, and domain remain largely consistent across such tools, many diverse visualization designs have been proposed. The purpose of this study is to provide an initial formalization of methods and visualization techniques for BGP cybersecurity analysis. Using PRISMA guidelines, we provide a systematic review and survey of 29 BGP visualization tools with their tasks, implementation techniques, and attacks and anomalies that they were intended for. We focused on BGP visualization tools as the main inclusion criteria to best capture the visualization techniques used in this domain while excluding solely algorithmic solutions and other detection tools that do not involve user interaction or interpretation. We take the unique approach of connecting (1) the actual BGP attacks and anomalies used to validate existing tools with (2) the techniques employed to detect them. In this way, we contribute an analysis of which techniques can be used for each attack type. Furthermore, we can see the evolution of visualization solutions in this domain as new attack types are discovered. This systematic review provides the groundwork for future designers and researchers building visualization tools for providing BGP cybersecurity, including an understanding of the state-of-the-art in this space and an analysis of what techniques are appropriate for each attack type. Our novel security visualization survey methodology—connecting visualization techniques with appropriate attack types—may also assist future researchers conducting systematic reviews of security visualizations. All supplemental materials are available at https://osf.io/tupz6/.},
  doi      = {10.1109/TVCG.2022.3209412},
  series   = {VIS/TVCG},
}