Comparing Machine Learning Algorithms for BGP Anomaly Detection Using Graph Features
Odnan Ref Sanchez, Simone Ferlin, Cristel Pelsser and Randy Bush
Abstract
The Border Gateway Protocol (BGP) coordinates the connectivity and reachability among Autonomous Systems, providing efficient operation of the global Internet. Historically, BGP anomalies have disrupted network connections on a global scale, i.e., detecting them is of great importance. Today, Machine Learning (ML) methods have improved BGP anomaly detection using volume and path features of BGP's update messages, which are often noisy and bursty. In this work, we identified different graph features to detect BGP anomalies, which are arguably more robust than traditional features. We evaluate such features through an extensive comparison of different ML algorithms, i.e., Naive Bayes classifier (NB), Decision Trees (DT), Random Forests (RF), Support Vector Machines (SVM), and Multi-Layer Perceptron (MLP), to specifically detect BGP path leaks. We show that SVM offers a good trade-off between precision and recall. Finally, we provide insights into the graph features' characteristics during the anomalous and non-anomalous interval and provide an interpretation of the ML classifier results.
Publication Details
- Publication Type: Conference Paper
- Publication Date: December 2019
- Published In: Big-DAMA
- Pages: 35--41
- Location: Orlando, FL, USA
- Digital Object Identifier (DOI): 10.1145/3359992.3366640
- External Link: http://icube-publis.unistra.fr/4-RFPB19
BibTeX Citation
@inproceedings{Sanchez2019,
title = {Comparing Machine Learning Algorithms for BGP Anomaly Detection Using Graph Features},
author = {Sanchez, Odnan Ref and Ferlin, Simone and Pelsser, Cristel and Bush, Randy},
year = 2019,
month = dec,
booktitle = {Big-DAMA},
location = {Orlando, FL, USA},
series = {Big-DAMA '19},
pages = {35--41},
doi = {10.1145/3359992.3366640},
url = {http://icube-publis.unistra.fr/4-RFPB19},
organization = {IEE},
abstract = {The Border Gateway Protocol (BGP) coordinates the connectivity and reachability among Autonomous Systems, providing efficient operation of the global Internet. Historically, BGP anomalies have disrupted network connections on a global scale, i.e., detecting them is of great importance. Today, Machine Learning (ML) methods have improved BGP anomaly detection using volume and path features of BGP's update messages, which are often noisy and bursty. In this work, we identified different graph features to detect BGP anomalies, which are arguably more robust than traditional features. We evaluate such features through an extensive comparison of different ML algorithms, i.e., Naive Bayes classifier (NB), Decision Trees (DT), Random Forests (RF), Support Vector Machines (SVM), and Multi-Layer Perceptron (MLP), to specifically detect BGP path leaks. We show that SVM offers a good trade-off between precision and recall. Finally, we provide insights into the graph features' characteristics during the anomalous and non-anomalous interval and provide an interpretation of the ML classifier results.},
groups = {International Conferences},
keywords = {graph features, machine learning algorithms, anomaly detection, BGP},
numpages = 7,
x-international-audience = {Yes},
x-language = {EN}
}
Related publications
Revisiting Recommended BGP Route Flap Damping Configurations
Clemens Mosig, Randy Bush, and Cristel Pelsser, et al.
Proc. of Network Traffic Measurement and Analysis Conference (TMA), 2021
Revisiting Route Flap Damping in the Wild
Mosig Clemens, Randy Bush, and Cristel Pelsser, et al.
Internet Measurement Conference (IMC), 2019
BGP Communities: Even more Worms in the Routing Can
Florian Streibelt, Franziska Lichtblau, and Robert Beverly, et al.
Proceedings of the Internet Measurement Conference 2018, IMC 2018, 2018
BGP table fragmentation: what and who?
Julien Gamba, Romain Fontugne, and Cristel Pelsser, et al.
CoRes, 2017