Characterizing inter-domain rerouting by betweenness centrality after disruptive events

Rerouting is not uncommon in nowadays Internet because it can be triggered by many root causes, such as network faults, routing attacks, etc. However, few methods effectively characterize rerouting in the whole Internet. In this paper, inspired by a well known network science metric-betweenness centrality, we propose a new approach to characterize inter-domain reroutings. By defining and analysing the variation of AS betweenness centrality for neighbouring- destination routes and global routes separately, our method empowers users to identify the temporal, topological, and relational characteristics of route changes. We apply our method to investigate the Internet's reactions to four different disruptive events, including Japan earthquake in March 2011, SEA-ME-WE 4 cable fault in April 2010, routing attack on YouTube in February 2008, and AS4761 hijacking event in January 2011. This examination reveals many new insights. For example, the route flapping and the congestion caused by the side-effect of rerouting after cable faults significantly degraded path quality. Moreover, direct providers of attackers and victims are the most critical positions for amplifying impact of prefix hijacking attacks. Such results shed light on how to implement effective reactions to network faults and how to deploy efficient defense mechanisms against routing attacks.