Learning-based anomaly detection in BGP updates.

., for grouping related update messages) needed in previous approaches to BGP-anomaly detection. ... In this paper, we propose an instance-learning framework that identifies anomalies based on deviations from the "normal" BGP-update dynamics for a given destination prefix and across prefixes. ... Previously, statistics-based anomaly detection [8, 12] has been used to detect abnormal route changes. ...

doi:10.1145/1080173.1080189 dblp:conf/minenet/ZhangRF05 fatcat:qwv2bwqhgfcczhavjjdm2eyemy

In this paper, we propose an anomaly detection framework based on machine learning techniques to identify the anomalous events by training a model for normal BGP-updates and measuring the extent of deviation ... Furthermore, the clustering results demonstrate the effectiveness of formed models to detect the similar types of BGP anomalies. ... In this study we present an anomaly detection framework based on machine learning algorithms applied to well-known BGP abnormal events. ...

arXiv:1708.03453v1 fatcat:xw22rxvt6felpfstmbfwls3gra

These anomalies are classified into large or small scale anomalies. Machine learning models are used to analyze and detect anomalies from the complex data extracted from BGP behavior. ... The Border Gateway Protocol (BGP) is in charge of the route exchange at the Internet scale. Anomalies in BGP can have several causes (mis-configuration, outage and attacks). ... ML BASED ANOMALY DETECTION In this section, we compare the benefits of statistical and graph features for the detection of BGP anomalies. We build A. ...

doi:10.1109/lcn52139.2021.9524941 fatcat:2g5efcg2yfam7h7nyyb3bpsuei

Statistical and machine learning techniques have been recently deployed to classify and detect BGP anomalies. ... In this paper, we introduce new classification features and apply Support Vector Machine (SVM) models and Hidden Markov Models (HMMs) to design anomaly detection mechanisms. ... In this paper, we employ machine learning techniques to develop models for detecting BGP anomalies. We extract numerous BGP features in order to achieve reliable classification results. ...

doi:10.1109/hpsr.2012.6260835 dblp:conf/hpsr/Al-RousanT12 fatcat:jygv4biqtffpdi4nqltxktecxa

In this paper, we propose a BGP anomaly detection framework called BAlet that delivers both temporal and spatial localization of the potential anomalies. ... It requires only a simple count of BGP update messages collected over a certain period. We first investigate the self-similarity in BGP update traffic and present a quantitative validation. ... Instead, anomalies detected based on the key observation that most anomalies corresponds to increases in the volume of BGP update messages. ...

doi:10.1109/noms.2008.4575169 dblp:conf/noms/MaiYC08 fatcat:it7sppqlnjgtpivdpwt4h7wyge

Network reachability information, contained in BGP update messages, is stored in the Routing Information Base (RIB). ... Recent BGP anomaly detection systems employ machine learning techniques to mine network data. ... It is a framework for implementation of machine learning algorithms. Machine learning techniques have been recently employed in designing BGP anomaly detection systems [5] - [7] . ...

doi:10.1109/dinwc.2015.7054228 fatcat:6qiub7ytujborapfqgpnbt7upu

In this paper, we describe an integration of visual and automated data mining methods for discovering and investigating anomalies in Internet routing. ... In the past, we and other researchers have presented various visual-based, statistical-based, and signature-based methods of analyzing Internet routing data. ... In our previous work [21] , we applied statistical-based anomaly detection and signature-based detection to examine BGP updates. ...

doi:10.1145/1029208.1029215 dblp:conf/vizsec/TeohZTMW04 fatcat:lrm23xdedjgf7lhm7ctafxv43y

While various machine learning techniques may be employed to detect BGP anomalies, their performance strongly depends on the employed learning algorithms. ... Decision tree and extreme learning machine classification techniques are then used to maximize the accuracy of detecting BGP anomalies. ... In Section II, we describe the BGP datasets and extracted features relevant to the detection of BGP anomalies. ...

doi:10.1109/smc.2014.6974096 dblp:conf/smc/LiXHWBHT14 fatcat:wnxd6kyryzcwtcaxnbxqesebve

The literature shows that adhoc procedures and tools have been developed to extract specific features to train machine learning models for anomaly detection. ... The Border Gateway Protocol (BGP) is in charge of the route exchange at the Internet scale. ... Many approaches based on statistical features or graph features have been developed in the field of BGP anomaly detection. ...

doi:10.1109/iccworkshops50388.2021.9473737 fatcat:ymiey5gycvdd7p5whgcfjgkizi

In this paper, we propose a multi-view model for capturing anomalous behaviors from BGP update traffic, in which Seasonal and Trend decomposition using Loess (STL) method is used to reduce the noise in ... As the default protocol for exchanging routing reachability information on the Internet, the abnormal behavior in traffic of Border Gateway Protocols (BGP) is closely related to Internet anomaly events ... The authors would like to thank all the members of the IVSN Research Group, Zhejiang University of Technology for the valuable discussions about the ideas and technical details presented in this paper. ...

arXiv:2112.12793v1 fatcat:aixppjyvpresfhxzk5uu6uhmpa

Hence, employing anomaly detection algorithms is important for improving the performance of BGP routing protocol. ... Our mechanism shows that the detected anomalies are more realistic and the selected features are generally consistent across time series. ... Many techniques have been employed to detect BGP anomalies [1] . ...

doi:10.3906/elk-1804-55 fatcat:55zphetvlzcw7pupnnvd5mt2ji

Open Access

In this paper, BGP anomalies have been classified by applying Machine learning (ML) algorithms. The dataset contains information about the sending and receiving time between ASes. ... Since, ASes communicate through messages, therefore, the anomalies can be reduced by identifying the corrupted BGP message in the dataset. ... Also in 2003 Slammer anomaly was detected where there was huge increment in the number of update anomalies. Slammer is one of the fastest worm attacks. ...

doi:10.35940/ijitee.k2159.0981119 fatcat:fme4y5ewlfcdbiestffb3c7cje

thus must be detected in their early stages. ... In particular, we leverage data mining techniques to train the framework to learn rules of abnormal BGP events, and our results from two case studies show that these rules are effective. ... Instance-based machine learning [17] and outlier analysis [18] have been used to build models of normal data and detect deviations as anomalies. ...

doi:10.1145/1096536.1096542 fatcat:ydej4rhojfadzd7yrkpxq4pvbi

Thus early anomaly detection mechanisms are of great importance. In this paper, we propose a Bayesian approach for time efficient link failure detection using BGP update message traces. ... The detection is done using an automated mechanism to label, train and classify the network status based on features extracted from BGP traces. ... RELATED WORK Early work in anomaly detection was based on expert systems [13] . ...

doi:10.1109/icc.2007.335 dblp:conf/icc/LongS07 fatcat:f3rwvuitejex7cyqlenzm6ywcy

Recent research focused on the study of BGP anomalies (both network/prefix instability and security-related incidents) has been based on the analysis of historical logs. ... In addition, such techniques are challenged by a lack of sufficient resources to store and process data feeds in real-time from multiple BGP Vantage Points (VPs). ... of BGP updates based on history log. ...

arXiv:1705.08666v1 fatcat:xlienzux3nds7c6lc4auofnec4

Learning-based anomaly detection in BGP updates

Preserved Fulltext

A Framework for BGP Abnormal Events Detection [article]

Preserved Fulltext

Suitability of Graph Representation for BGP Anomaly Detection

Preserved Fulltext

Machine learning models for classification of BGP anomalies

Preserved Fulltext

Detecting BGP anomalies with wavelet

Preserved Fulltext

Performance evaluation of BGP anomaly classifiers

Preserved Fulltext

Combining visual and automated data mining for near-real-time anomaly detection and analysis in BGP

Preserved Fulltext

Classification of BGP anomalies using decision trees and fuzzy rough sets

Preserved Fulltext

BML: An Efficient and Versatile Tool for BGP Dataset Collection

Preserved Fulltext

A Multi-View Framework for BGP Anomaly Detection via Graph Attention Network [article]

Preserved Fulltext

Improving anomaly detection in BGP time-series data by new guide features and moderated feature selection algorithm

Preserved Fulltext

Using Linear Discriminant Analysis for Dimensionality Reduction for Predicting Anomalies of BGP data

Preserved Fulltext

An internet routing forensics framework for discovering rules of abnormal BGP events

Preserved Fulltext

Real Time Detection of Link Failures in Inter Domain Routing

Preserved Fulltext

Towards Near Real-Time BGP Deep Analysis: A Big-Data Approach [article]

Preserved Fulltext