Advanced search
Start date
Betweenand


BGP Anomalies Classification using Features based on AS Relationship Graphs

Full text
Author(s):
Paiva, Thales B. ; Siqueira, Yaissa ; Batista, Daniel Macedo ; Hirata Jr, R. ; Terada, R. ; Velazquez, R
Total Authors: 6
Document type: Journal article
Source: 2021 IEEE LATIN-AMERICAN CONFERENCE ON COMMUNICATIONS (LATINCOM 2021); v. N/A, p. 6-pg., 2021-01-01.
Abstract

Ensuring the correct behavior of the Border Gateway Protocol (BGP) is essential for keeping a good quality of service on the internet. When an anomalous behavior is detected, operators of border gateways need to classify it correctly into a direct (intended or unintended) anomaly, an indirect anomaly, or a link failure. This classification helps to understand its cause and act upon it. Recently, some techniques for the classification of BGP anomalies using machine learning models were proposed. However, we notice some limitations of these classification models that make it unclear if they can be used in the real world to classify new anomalies. This paper presents a new model with good performance when classifying BGP events not seen in its training. Our model is based on Long Short-Term Memory (LSTM) networks and uses new features based on inferred relationships between Autonomous Systems (ASes) to classify sets of BGP update messages. The model classifies samples from new events achieving 91% of accuracy and F1 scores of 1.00, 0.93, and 0.80 for direct anomalies, indirect anomalies, and link failure, respectively. (AU)

FAPESP's process: 15/24485-9 - Future internet for smart cities
Grantee:Fabio Kon
Support Opportunities: Research Projects - Thematic Grants
FAPESP's process: 18/22979-2 - IoT-SED: security and efficiency in data transport on Internet of Things
Grantee:Daniel Macêdo Batista
Support Opportunities: Regular Research Grants
FAPESP's process: 18/23098-0 - MENTORED: from modeling to experimentation - predicting and detecting DDoS and zero-day attacks
Grantee:Michele Nogueira Lima
Support Opportunities: Research Projects - Thematic Grants
FAPESP's process: 14/50937-1 - INCT 2014: on the Internet of the Future
Grantee:Fabio Kon
Support Opportunities: Research Projects - Thematic Grants