Comparing Machine Learning Algorithms for BGP Anomaly Detection using Graph Features

Sanchez, Odnan Ref; Ferlin, Simone; Pelsser, Cristel; Bush, Randy

doi:10.1145/3359992.3366640

Cited by 22 publications

(31 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This research applied just a single iteration by using just determining each node's authority scores and ranking it in descending because it has to determine the nodes with the highest authority values. After all, it described the node, which is more influential among other nodes (Sanchez et al, 2019).…”

Section: Hyper Text Induced Topic Searchmentioning

confidence: 99%

FNG-IE: an improved graph-based method for keyword extraction from scholarly big-data

Tahir

Asif

Ahmad

et al. 2021

PeerJ Computer Science

View full text Add to dashboard Cite

Keyword extraction is essential in determining influenced keywords from huge documents as the research repositories are becoming massive in volume day by day. The research community is drowning in data and starving for information. The keywords are the words that describe the theme of the whole document in a precise way by consisting of just a few words. Furthermore, many state-of-the-art approaches are available for keyword extraction from a huge collection of documents and are classified into three types, the statistical approaches, machine learning, and graph-based methods. The machine learning approaches require a large training dataset that needs to be developed manually by domain experts, which sometimes is difficult to produce while determining influenced keywords. However, this research focused on enhancing state-of-the-art graph-based methods to extract keywords when the training dataset is unavailable. This research first converted the handcrafted dataset, collected from impact factor journals into n-grams combinations, ranging from unigram to pentagram and also enhanced traditional graph-based approaches. The experiment was conducted on a handcrafted dataset, and all methods were applied on it. Domain experts performed the user study to evaluate the results. The results were observed from every method and were evaluated with the user study using precision, recall and f-measure as evaluation matrices. The results showed that the proposed method (FNG-IE) performed well and scored near the machine learning approaches score.

show abstract

Section: Hyper Text Induced Topic Searchmentioning

confidence: 99%

FNG-IE: an improved graph-based method for keyword extraction from scholarly big-data

Tahir

Asif

Ahmad

et al. 2021

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

“…2) Graph features: More recently, some authors chose to leverage the underlying graph structure of BGP instead of the statistical features [18], [11]. These dynamic graphs reflect the evolution of the BGP topology where ASes are the graph's nodes and adjacent AS in AS-PATH are the graph's edges.…”

Section: Bgp Anomaly Detection Using Machine Learningmentioning

confidence: 99%

“…Statistical features have long been shown to be effective to detect large scale BGP anomalies. The effectiveness of graph features for that purpose has only recently been shown [18]. On one hand, large scale anomalies seem easier to detect due to their impacts and consequences on the Internet.…”

Section: Introductionmentioning

confidence: 99%

“…The authors of [2] use machine learning models to detect large scale events with statistical features and show the efficiency of the method. In [18], the authors study large scale events detection using graph features plugged into machine learning model and show that graph features have good performances. In this paper, we fill the gap in the literature by providing a performance comparison of machine learning models using graph features and statistical features for small scale and large scale BGP anomaly detection.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Suitability of Graph Representation for BGP Anomaly Detection

Hoarau

Tournoux

Razafindralambo

2021

2021 IEEE 46th Conference on Local Computer Networks (LCN)

View full text Add to dashboard Cite

The Border Gateway Protocol (BGP) is in charge of the route exchange at the Internet scale. Anomalies in BGP can have several causes (mis-configuration, outage and attacks). These anomalies are classified into large or small scale anomalies. Machine learning models are used to analyze and detect anomalies from the complex data extracted from BGP behavior. Two types of data representation can be used inside the machine learning models: a graph representation of the network (graph features) or a statistical computation on the data (statistical features). In this paper, we evaluate and compare the accuracy of machine learning models using graph features and statistical features on both large and small scale BGP anomalies. We show that statistical features have better accuracy for large scale anomalies, and graph features increase the detection accuracy by 15% for small scale anomalies and are well suited for BGP small scale anomaly detection.

show abstract

“…In developing our lightweight DDoS detector, we used grid search for finding the best hyperparameters and enhance the detector's accuracy, which is a novelty compared to existing DL and ML-based DDoS detection schemes. A similar approach has been used in [9] to improve accuracy but for BGP anomalies. While current trends focus on DL methods (e.g., [7]), this study looks into improving the capabilities of lightweight ML methods to their full potential using hyperparameter optimization.…”

Section: Introductionmentioning

confidence: 99%

Evaluating ML-based DDoS Detection with Grid Search Hyperparameter Optimization

Sanchez¹,

Repello

Carrega³

et al. 2021

2021 IEEE 7th International Conference on Network Softwarization (NetSoft)

Self Cite

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks disrupt global network services by mainly overwhelming the host victim with requests originating from multiple traffic sources. DDoS attacks are currently on the rise due to the ease of execution and rental of distributed architectures, which could potentially result in substantial revenue losses. Therefore, the detection and prevention of DDoS attacks are currently topics of high interest. In this study, we utilize traffic flow information to determine if a specific flow is associated with a DDoS attack. We evaluate traditional Machine Learning (ML) methods in developing our DDoS detector and utilize an exhaustive hyperparameter search to optimize the detection capability of each ML model. Our evaluation shows that most algorithms provide satisfactory results, with Random Forests achieving as high as 99% of detection accuracy, which is comparable to existing deep learning approaches.

show abstract

Comparing Machine Learning Algorithms for BGP Anomaly Detection using Graph Features

Cited by 22 publications

References 30 publications

FNG-IE: an improved graph-based method for keyword extraction from scholarly big-data

FNG-IE: an improved graph-based method for keyword extraction from scholarly big-data

Suitability of Graph Representation for BGP Anomaly Detection

Evaluating ML-based DDoS Detection with Grid Search Hyperparameter Optimization

Contact Info

Product

Resources

About