Inter-AS routing anomalies: Improved detection and classification

Wübbeling, Matthias; Elsner, Till; Meier, Michael

doi:10.1109/cycon.2014.6916405

Cited by 8 publications

(3 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These groups were collected with an average duration of 3 days per group. During these periods many changes in BGP behavior, such as BGP hijacking [13], worm attack [14], and link failures [15], are detected. The collected groups contain the following: the peak day of an anomaly, one day prior, and one day after the anomaly.…”

Section: Bgp Data and Methodologymentioning

confidence: 99%

Improving anomaly detection in BGP time-series data by new guide features and moderated feature selection algorithm

Hashem¹,

Bashandy²,

Shaheen³

2019

Turk J Elec Eng & Comp Sci

View full text Add to dashboard Cite

The Internet infrastructure relies on the Border Gateway Protocol (BGP) to provide essential routing information where abnormal routing behavior impairs global Internet connectivity and stability. Hence, employing anomaly detection algorithms is important for improving the performance of BGP routing protocol. In this paper, we propose two algorithms; the first is the guide feature generator (GFG), which generates guide features from traditional features in BGP time-series data using moving regression in combination with smoothed moving average. The second is a modified random forest feature selection algorithm which is employed to automatically select the most dominant features (ASMDF). Our mechanism shows that the detected anomalies are more realistic and the selected features are generally consistent across time series. Experimental evaluations using multiple machine learning models reveal that the proposed algorithms achieve up to 32.36% improvement in accuracy rate, up to 35.44% reduction in false negative rate, and up to 43.99% reduction in false positive rate compared to not using these algorithms. Moreover, the ASMDF option increases the feature selection speed more than 3 times compared to most existing feature selection algorithms.

show abstract

Section: Bgp Data and Methodologymentioning

confidence: 99%

Improving anomaly detection in BGP time-series data by new guide features and moderated feature selection algorithm

Hashem¹,

Bashandy²,

Shaheen³

2019

Turk J Elec Eng & Comp Sci

View full text Add to dashboard Cite

show abstract

“…BGP anomaly refers to harmful changes of BGP behavior that may cause thousands of anomalous BGP updates. A single BGP update is classified as an anomaly if it contains an invalid AS number, invalid or reserved IP prefixes, AS-PATH without a physical equivalent, etc [12]. In addition, a set of BGP updates can also be classified as an anomaly if the characteristics show a rapid change in the number of BGP updates, or contain longest and shortest paths, etc [13].…”

Section: Bgp Anomaly Detectionmentioning

confidence: 99%

A Multi-View Framework for BGP Anomaly Detection via Graph Attention Network

Peng¹,

Nie²,

Shu³

et al. 2021

Preprint

View full text Add to dashboard Cite

As the default protocol for exchanging routing reachability information on the Internet, the abnormal behavior in traffic of Border Gateway Protocols (BGP) is closely related to Internet anomaly events. The BGP anomalous detection model ensures stable routing services on the Internet through its realtime monitoring and alerting capabilities. Previous studies either focused on the feature selection problem or the memory characteristic in data, while ignoring the relationship between features and the precise time correlation in feature (whether it's long or short term dependence). In this paper, we propose a multi-view model for capturing anomalous behaviors from BGP update traffic, in which Seasonal and Trend decomposition using Loess (STL) method is used to reduce the noise in the original time-series data, and Graph Attention Network (GAT) is used to discover feature relationships and time correlations in feature, respectively. Our results outperform the state-of-the-art methods at the anomaly detection task, with the average F1 score up to 96.3% and 93.2% on the balanced and imbalanced datasets respectively. Meanwhile, our model can be extended to classify multiple anomalous and to detect unknown events.

show abstract

“…Anomalies are discrepancies or outliers that do not follow the desired pattern. An anomaly, in BGP, is generated from an update message if even one of the given circumstances is encountered -An Autonomous System number being used is invalid, or one or more IP prefixes being used are reserved or invalid, or the originating AS does not own the IP prefix being used, or two or more Autonomous Systems have announced the same IP prefix or the suggested route has no substantial equal, or the suggested route does not agree with regular routing decisions [3].…”

Section: Introductionmentioning

confidence: 99%

BGP Anomaly Detection using Decision Tree Based Machine Learning Classifiers

Bhatnagar¹,

Majumdar²,

Shukla*³

2019

IJITEE

View full text Add to dashboard Cite

Abstract: Border Gateway Protocol (BGP) is utilized to send and receive data packets over the internet. Over the years, this protocol has suffered from some massive hits, caused by worms, such as Nimda, Slammer, Code Red etc., hardware failures, and/or prefix hijacking. This caused obstruction of services to many. However, Identification of anomalous messages traversing over BGP allows discovering of such attacks in time. In this paper, a Machine Learning approach has been applied to identify such BGP messages. Principal Component Analysis technique was applied for reducing dimensionality up to 2 components, followed by generation of Decision Tree, Random Forest, AdaBoost and GradientBoosting classifiers. On fine tuning the parameters, the random forest classifier generated an accuracy of 97.84%, the decision tree classifier followed closely with an accuracy of 97.38%. The GradientBoosting Classifier gave an accuracy of 95.41% and the AdaBoost Classifier gave an accuracy of 94.43%.

show abstract

Inter-AS routing anomalies: Improved detection and classification

Cited by 8 publications

References 16 publications

Improving anomaly detection in BGP time-series data by new guide features and moderated feature selection algorithm

Improving anomaly detection in BGP time-series data by new guide features and moderated feature selection algorithm

A Multi-View Framework for BGP Anomaly Detection via Graph Attention Network

BGP Anomaly Detection using Decision Tree Based Machine Learning Classifiers

Contact Info

Product

Resources

About