The BGP Visibility Toolkit: Detecting Anomalous Internet Routing Behavior

Lutu, Andra; Bagnulo, Marcelo; Pelsser, Cristel; Maennel, Olaf; Cid-Sueiro, J.

doi:10.1109/tnet.2015.2413838

Cited by 15 publications

(11 citation statements)

References 24 publications

(25 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Previous work already showed that SVM [13], NB [5], DT [24], and NN [10] provided satisfactory results in detecting anomalies in BGP. In addition, these techniques are the most common binary classification methods [25], which are appropriate in classifying between anomalous and non-anomalous events.…”

Section: Machine Learning Algorithmsmentioning

confidence: 94%

“…In this paper, we provide a rigorous evaluation of the aforementioned graph features through an extensive comparison of different ML algorithms used in BGP anomaly detection, i.e., Naive Bayes classifier (NB) [5], Decision Trees (DT) [24], Random Forests (RF), Support Vector Machines (SVM) [13], and Neural Networks (NN) [10], that use graph features to detect BGP path leaks. Our results indicate that these algorithms are able to detect anomalies, which demonstrate that graph features do not depend on any ML method to show their strength as data input predictors.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Comparing Machine Learning Algorithms for BGP Anomaly Detection using Graph Features

Sanchez

Ferlin

Pelsser

et al. 2019

Proceedings of the 3rd ACM CoNEXT Workshop on Big DAta, Machine Learning and Artificial Intelligence for Data Communication Net

Self Cite

View full text Add to dashboard Cite

The Border Gateway Protocol (BGP) coordinates the connectivity and reachability among Autonomous Systems, providing efficient operation of the global Internet. Historically, BGP anomalies have disrupted network connections on a global scale, i.e., detecting them is of great importance. Today, Machine Learning (ML) methods have improved BGP anomaly detection using volume and path features of BGP's update messages, which are often noisy and bursty. In this work, we identified different graph features to detect BGP anomalies, which are arguably more robust than traditional features. We evaluate such features through an extensive comparison of different ML algorithms, i.e., Naive Bayes classifier (NB), Decision Trees (DT), Random Forests (RF), Support Vector Machines (SVM), and Multi-Layer Perceptron (MLP), to specifically detect BGP path leaks. We show that SVM offers a good trade-off between precision and recall. Finally, we provide insights into the graph features' characteristics during the anomalous and non-anomalous interval and provide an interpretation of the ML classifier results.

show abstract

Section: Machine Learning Algorithmsmentioning

confidence: 94%

Section: Introductionmentioning

confidence: 99%

Comparing Machine Learning Algorithms for BGP Anomaly Detection using Graph Features

Sanchez

Ferlin

Pelsser

et al. 2019

Proceedings of the 3rd ACM CoNEXT Workshop on Big DAta, Machine Learning and Artificial Intelligence for Data Communication Net

Self Cite

View full text Add to dashboard Cite

show abstract

“…Study in [39] proposes a principal component analysis (PCA)-based anomaly method whilst study in [40] uses a PCA sparse. Authors in [41] propose a toolkit for analyzing and detecting anomalous behavior on the Internet. The works in [42]- [44] propose an anomalous mobile agent-based detection scheme, diagnostic and detection of occurrences on a network-wide, and PCA-based distributed-anomaly detection scheme, respectively.…”

Section: Anomaly Detection Studiesmentioning

confidence: 99%

Network anomaly detection research: a survey

Kurniabudi

Purnama

Sharipuddin

et al. 2019

IJEEI

View full text Add to dashboard Cite

Data analysis to identifying attacks/anomalies is a crucial task in anomaly detection and network anomaly detection itself is an important issue in network security. Researchers have developed methods and algorithms for the improvement of the anomaly detection system. At the same time, survey papers on anomaly detection researches are available. Nevertheless, this paper attempts to analyze futher and to provide alternative taxonomy on anomaly detection researches focusing on methods, types of anomalies, data repositories, outlier identity and the most used data type. In addition, this paper summarizes information on application network categories of the existing studies.

show abstract

“…Zhang et al [158] relied on unsupervised clustering techniques to recognize deviations from the normal state of BGP data flow. Lutu et al [159] argued that prefixes that are less visible in the Internet than expected by the prefix owners is an indicator for routing issues. The authors periodically collected BGP messages from vantage points and assigned a visibility degree to each prefix based on the fraction of ASs that have an active stable route for it.…”

Section: Detection and Mitigation Of Anomaliesmentioning

confidence: 99%

The state of affairs in BGP security: A survey of attacks and defenses

Mitseva

Panchenko

Engel

2018

Computer Communications

View full text Add to dashboard Cite

The Border Gateway Protocol (BGP) is the de facto standard interdomain routing protocol. Despite its critical role on the Internet, it does not provide any security guarantees. In response to this, a large amount of research has proposed a wide variety BGP security extensions and detection-recovery systems in recent decades. Nevertheless, BGP remains vulnerable to many types of attack. In this work, we conduct an up-to-date review of fundamental BGP threats and present a methodology for evaluation of existing BGP security proposals. Based on this, we introduce a comprehensive and up-to-date survey of proposals intended to make BGP secure and methods for detection and mitigation of routing instabilities. Last but not least, we identify gaps in research, and pinpoint open issues and unsolved challenges.

show abstract

The BGP Visibility Toolkit: Detecting Anomalous Internet Routing Behavior

Cited by 15 publications

References 24 publications

Comparing Machine Learning Algorithms for BGP Anomaly Detection using Graph Features

Comparing Machine Learning Algorithms for BGP Anomaly Detection using Graph Features

Network anomaly detection research: a survey

The state of affairs in BGP security: A survey of attacks and defenses

Contact Info

Product

Resources

About