Detecting BGP anomalies using machine learning techniques

Ding, Qingye; Li, Zhida; Batta, Prerna; Trajković, Ljiljana

doi:10.1109/smc.2016.7844751

Cited by 19 publications

(6 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…SVM have been proven to work well with worm detection in BGP (e.g., [8,14,16]). More recently, Dai et al [13] proposed SVMbased BGP Anomaly Detection (SVM-BGPAD) using different SVM kernels and Fisher algorithm for feature selection.…”

Section: Ml-based Bgp Anomaly Detectionmentioning

confidence: 99%

See 1 more Smart Citation

Comparing Machine Learning Algorithms for BGP Anomaly Detection using Graph Features

Sanchez

Ferlin

Pelsser

et al. 2019

Proceedings of the 3rd ACM CoNEXT Workshop on Big DAta, Machine Learning and Artificial Intelligence for Data Communication Net

View full text Add to dashboard Cite

The Border Gateway Protocol (BGP) coordinates the connectivity and reachability among Autonomous Systems, providing efficient operation of the global Internet. Historically, BGP anomalies have disrupted network connections on a global scale, i.e., detecting them is of great importance. Today, Machine Learning (ML) methods have improved BGP anomaly detection using volume and path features of BGP's update messages, which are often noisy and bursty. In this work, we identified different graph features to detect BGP anomalies, which are arguably more robust than traditional features. We evaluate such features through an extensive comparison of different ML algorithms, i.e., Naive Bayes classifier (NB), Decision Trees (DT), Random Forests (RF), Support Vector Machines (SVM), and Multi-Layer Perceptron (MLP), to specifically detect BGP path leaks. We show that SVM offers a good trade-off between precision and recall. Finally, we provide insights into the graph features' characteristics during the anomalous and non-anomalous interval and provide an interpretation of the ML classifier results.

show abstract

Section: Ml-based Bgp Anomaly Detectionmentioning

confidence: 99%

“…The current ML-based works focus on worm attacks (i.e., [5,6,10,12,16,17]), while only a few (cf. [11,14]) have studied the combination of worm attacks, blackouts, and table leaks.…”

Section: Ml-based Bgp Anomaly Detectionmentioning

confidence: 99%

Comparing Machine Learning Algorithms for BGP Anomaly Detection using Graph Features

Sanchez

Ferlin

Pelsser

et al. 2019

Proceedings of the 3rd ACM CoNEXT Workshop on Big DAta, Machine Learning and Artificial Intelligence for Data Communication Net

View full text Add to dashboard Cite

show abstract

“…1) extracted from raw BGP data can be classi ied as: i) volume features, such as the number of announcements and withdrawals; ii) AS-PATH features, such as average AS-PATH length, and the maximum edit distance. Various work, using statistical features, achieved good performance on the detection of large-scale anomalies using conventional ML models such as SVM [8,9], Naive Bayes classi iers [8,9], decision trees [9] and deep learning [8,10].…”

Section: Statistical Featuresmentioning

confidence: 99%

“…1, part of the preprocessing may involve transforming them into either statistical features (i.e. count of announcements, preixes [8,9,10,11]) or graph features (e.g. eccentricity, centrality [12,11]).…”

Section: Introductionmentioning

confidence: 99%

Unsupervised representation learning for BGP anomaly detection using graph auto-encoders

Kevin Hoarau,

Pierre Ugo Tournoux,

Tahiry Razafindralambo

2024

ITU J-FET

View full text Add to dashboard Cite

The Border Gateway Protocol (BGP) is crucial for the communication routes of the Internet. Anomalies in BGP can pose a threat to the stability of the Internet. These anomalies, caused by a variety of factors, can be challenging to detect due to the massive and complex nature of BGP data traces. Various machine learning techniques have been employed to overcome this issue. The traditional approach involves the extraction of ad hoc features, which, although effective, results in a significant loss of information and may be biased towards a certain type of anomaly. A recent supervised machine learning pipeline learns representations from BGP graphs derived from BGP data traces. Although this solution achieves good anomaly detection results, the representations learned are specific to the types of anomalies within the training data. To overcome this limitation, in this paper, we propose to learn the representations of normal BGP behaviour in an unsupervised manner using a Graph Auto-Encoder (GAE). This approach ensures that the representations are not limited to the specific set of anomalies included in the training set. These representations associated with a Multi-Layer Perceptron (MLP)-based detector allowed to achieve an accuracy rate of 99% in detecting large-scale events, outperforming previous literature results.

show abstract

“…In recent years, most of the approaches towards addressing this escalating problem are based on machine learning (ML) [4][5][6][7] and deep learning (DL) techniques [8][9][10], and while these methods are effective in identifying the unusual patterns indicative of cyber threats, their implementation requires extensive data preprocessing and accurate data labeling to differentiate between normal and anomalous behaviors effectively. In addition, these techniques require time and resource-intensive training stages.…”

Section: Introductionmentioning

confidence: 99%

Median Absolute Deviation for BGP Anomaly Detection

Romo-Chavero,

Cantoral-Ceballos,

Pérez-Díaz

et al. 2024

Future Internet

View full text Add to dashboard Cite

The stability and reliability of the global Internet infrastructure heavily rely on the Border Gateway Protocol (BGP), a crucial protocol that facilitates the exchange of routing information among various Autonomous Systems, ensuring seamless connectivity worldwide. However, BGP inherently possesses a susceptibility to abnormal routing behaviors, potentially leading to significant connectivity disruptions. Despite extensive efforts, accurately detecting and effectively mitigating such abnormalities persist as tough challenges. To tackle these, this article proposes a novel statistical approach employing the median absolute deviation under certain constraints to proactively detect anomalies in BGP. By applying advanced analysis techniques, this research offers a robust method for the early detection of anomalies, such as Internet worms, configuration errors, and link failures. This innovative approach has been empirically validated, achieving an accuracy rate of 90% and a precision of 95% in identifying these disruptions. This high level of precision and accuracy not only confirms the effectiveness of the statistical method employed but also marks a significant step forward for enhancing the stability and reliability of the global Internet infrastructure.

show abstract

Detecting BGP anomalies using machine learning techniques

Cited by 19 publications

References 7 publications

Comparing Machine Learning Algorithms for BGP Anomaly Detection using Graph Features

Comparing Machine Learning Algorithms for BGP Anomaly Detection using Graph Features

Unsupervised representation learning for BGP anomaly detection using graph auto-encoders

Median Absolute Deviation for BGP Anomaly Detection

Contact Info

Product

Resources

About