BEAR: BGP Event Analysis and Reporting
Hanqing Li, Melania Fedeli, Vinay Kolar, Diego Klabjan

TL;DR
BEAR is a framework that uses large language models to automatically analyze and generate detailed reports on BGP anomalies, improving interpretability and operational insights in network management.
Contribution
This paper introduces BEAR, the first system leveraging LLMs for automated BGP anomaly explanation and synthetic data generation, enhancing interpretability and detection accuracy.
Findings
BEAR achieves 100% accuracy on real and synthetic datasets.
It outperforms Chain-of-Thought and in-context learning baselines.
BEAR provides detailed, automated BGP anomaly reports.
Abstract
The Internet comprises interconnected, independently managed Autonomous Systems (AS) that rely on the Border Gateway Protocol (BGP) for inter-domain routing. BGP anomalies--such as route leaks and hijacks--can divert traffic through unauthorized or inefficient paths, jeopardizing network reliability and security. Although existing rule-based and machine learning methods can detect these anomalies using structured metrics, they still require experts with in-depth BGP knowledge of, for example, AS relationships and historical incidents, to interpret events and propose remediation. In this paper, we introduce BEAR (BGP Event Analysis and Reporting), a novel framework that leverages large language models (LLMs) to automatically generate comprehensive reports explaining detected BGP anomaly events. BEAR employs a multi-step reasoning process that translates tabular BGP data into detailed…
Taxonomy
Topics: Software-Defined Networks and 5G · Network Security and Intrusion Detection · Software System Performance and Reliability
