A Framework for BGP Abnormal Events Detection
Anisa Allahdadi, Ricardo Morla, Rui Prior

TL;DR
This paper presents a machine learning-based framework for detecting abnormal BGP events, enhancing network security by accurately identifying deviations in BGP updates through feature analysis and clustering.
Contribution
It introduces a novel anomaly detection framework utilizing machine learning to identify BGP anomalies, combining network security and data mining techniques.
Findings
The generated and selected features improve classification between anomalous and normal BGP update messages
Clustering effectively groups similar BGP anomalies
Preliminary results are promising for real-world application
Abstract
Detection of abnormal BGP events is of great importance to preserve the security and robustness of the Internet inter-domain routing system. In this paper, we propose an anomaly detection framework based on machine learning techniques to identify the anomalous events by training a model for normal BGP updates and measuring the extent of deviation from the normal model during the abnormal occasions. Our preliminary results show that the features generated and selected are capable of improving the classification results to distinguish between anomalies and normal BGP update messages. Furthermore, the clustering results demonstrate the effectiveness of the formed models in detecting similar types of BGP anomalies. In a more general context, interdisciplinary research is performed between network security and data mining to deal with real-world problems and the achieved results are…
Taxonomy
Topics: Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting · Network Packet Processing and Optimization
