The present invention relates to an automated Internet Monitoring and Alerting System that produces alerts for situational awareness purposes.
More specifically, the invention relates to an Internet Monitoring and Alerting System that provides analytic capabilities for the Internet as a complete system by utilizing the information found in routing message streams such as those from Border Gateway Protocol (BGP).
BGP message streams provide details about how information is routed across the Internet for specific Internet Protocol (IP) address ranges. Other routing message streams, including those from Open Shortest Path First (OSPF), also provide this detail. The system uses these message streams by converting the messages into a common internal format.
The individual analytic components fall into two basic categories: those that characterize behaviors of protocols and those that exploit specifics of protocols. In the case of BGP, the protocol-specific analytics are hijacked-prefix and hijacked-route detection, and the behavior-based analytics are Hidden Markov Models (HMM), Tensor Decomposition, and Graph-based topology analysis (both static and dynamic analyses).
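As an added illustration (not taken from the invention's description or from any implementation of it), the following Python example shows one common way a protocol-specific analytic can flag a possibly hijacked prefix: BGP announcements are normalized into a common record and the origin AS is compared with a baseline of expected origins. The `RouteEvent` fields, the update record layout, the baseline table and all prefixes and AS numbers (documentation-reserved ranges) are assumptions constructed for the example; hijacked-route detection is not covered.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class RouteEvent:
    """Hypothetical common internal format for one announced prefix."""
    protocol: str
    prefix: object      # ipaddress.IPv4Network or IPv6Network
    origin_asn: int
    as_path: tuple

def normalize_bgp(update):
    """Convert one constructed BGP UPDATE record into RouteEvents."""
    path = tuple(update["as_path"])
    return [RouteEvent("bgp", ipaddress.ip_network(p), path[-1], path)
            for p in update["announce"]]

def check_origin(event, baseline):
    """Return an alert string if the origin conflicts with the baseline."""
    covering = [b for b in baseline
                if b.version == event.prefix.version and event.prefix.subnet_of(b)]
    if not covering:
        return None  # address space not in the baseline: nothing to compare
    best = max(covering, key=lambda n: n.prefixlen)
    if event.origin_asn in baseline[best]:
        return None
    kind = "origin-change" if event.prefix == best else "more-specific"
    return (f"{kind}: {event.prefix} originated by AS{event.origin_asn}, "
            f"expected {sorted(baseline[best])} for {best}")

def scan(updates, baseline):
    """Normalize every update and collect the alerts it produces."""
    events = [e for u in updates for e in normalize_bgp(u)]
    return [a for a in (check_origin(e, baseline) for e in events) if a]

# Constructed baseline: prefix -> expected origin ASNs (documentation ranges).
BASELINE = {
    ipaddress.ip_network("192.0.2.0/24"): {64496},
    ipaddress.ip_network("198.51.100.0/24"): {64497},
}
# Constructed sample updates; the AS path is ordered neighbor-first, origin-last.
UPDATES = [
    {"as_path": [64500, 64496], "announce": ["192.0.2.0/24"]},
    {"as_path": [64500, 64511], "announce": ["198.51.100.0/24"]},
    {"as_path": [64501, 64510], "announce": ["192.0.2.128/25"]},
    {"as_path": [64502, 64505], "announce": ["203.0.113.0/24"]},
]

if __name__ == "__main__":
    for alert in scan(UPDATES, BASELINE):
        print(alert)
```

An alert here means only that the announcement disagrees with the baseline; legitimate origin changes produce the same signal and need to be ruled out before treating it as a hijack.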