From Topology to Behavioral Semantics: Enhancing BGP Security by Understanding BGP's Language with LLMs
Heng Zhao, Ruoyu Wang, Tianhang Zheng, Qi Li, Bo Lv, Yuyi Wang, Wenliang Du

TL;DR
This paper introduces BGPShield, a novel framework using large language models to analyze BGP AS behaviors semantically, significantly improving anomaly detection accuracy, generalizability, and efficiency over traditional topology-based methods.
Contribution
It presents a new semantic embedding approach for BGP anomaly detection leveraging LLMs, enabling real-time analysis and better generalization to unseen ASes.
Findings
Detects 100% of verified anomalies with <5% false discovery rate
Constructs representations for unseen ASes within one second
Outperforms BEAM with 65 hours less retraining time
Abstract
The trust-based nature of Border Gateway Protocol (BGP) makes it vulnerable to disruptions like prefix hijacking and misconfigurations, threatening routing stability. Traditional detection relies on manual inspection with limited scalability. Machine/Deep Learning (M/DL) approaches automate detection but suffer from suboptimal precision, limited generalizability, and high retraining costs. This is because existing methods focus on topological structures rather than comprehensive semantic characteristics of Autonomous Systems (ASes), often misinterpreting functionally similar but topologically distant ASes. To address this, we propose BGPShield, an anomaly detection framework built on LLM embeddings that captures the Behavior Portrait and Routing Policy Rationale of each AS beyond topology, such as operational scale and global role. We propose a segment-wise aggregation scheme to…
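The abstract's central claim is that two ASes can be far apart in the AS-level graph yet behave alike (same scale, same role), and that a detector reasoning over topology alone will misjudge such cases. The following toy illustrates that distinction with code. It is an added example, not BGPShield's code or any part of the paper's method: the AS numbers (private range), the hand-assigned "portrait" feature vectors, the adjacency graph, the documentation prefix and the cosine-similarity threshold are all constructed here, and the cosine check stands in for whatever learned embedding comparison the paper actually uses.

```python
"""Toy contrast between topological distance and behavioural similarity of ASes,
and a minimal origin-change check built on the latter.

Added illustration, not code from the paper. All ASNs, feature vectors, links
and the prefix history below are constructed for this example.
"""
from collections import deque
from math import sqrt

# Constructed "behaviour portrait" vectors, one per AS:
# (operational scale, transit role, content role, peering breadth).
# A real system would learn such features; these are hand-assigned so the
# example is deterministic and runs offline.
PORTRAITS = {
    64512: (0.9, 0.9, 0.1, 0.8),  # large transit provider
    64513: (0.3, 0.2, 0.1, 0.2),  # small regional ISP
    64514: (0.9, 0.8, 0.2, 0.9),  # second large transit provider
    64515: (0.2, 0.0, 0.9, 0.3),  # content/hosting network
    64516: (0.1, 0.0, 0.1, 0.1),  # stub network
}

# Constructed undirected AS-level adjacency (direct connections only).
LINKS = {
    64512: {64513, 64515},
    64513: {64512, 64516},
    64514: {64516},
    64515: {64512},
    64516: {64513, 64514},
}

# Constructed routing history: prefix -> origin ASes previously seen for it.
ORIGIN_HISTORY = {"203.0.113.0/24": {64512}}


def hop_distance(graph, src, dst):
    """Shortest AS-hop distance from src to dst via BFS; None if unreachable."""
    if src == dst:
        return 0
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, dist = queue.popleft()
        for nxt in graph.get(node, ()):
            if nxt == dst:
                return dist + 1
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None


def cosine(a, b):
    """Cosine similarity between two equal-length feature vectors."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = sqrt(sum(x * x for x in a)) * sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def score_new_origin(prefix, new_origin, threshold=0.8):
    """Score an announcement originating `prefix` from `new_origin`.

    Returns (flagged, similarity). `similarity` is the best cosine similarity
    between the new origin's portrait and the portrait of any historical origin
    of the prefix; the announcement is flagged when it falls below `threshold`.
    A historical origin is never flagged. With no usable baseline the check
    cannot judge semantically and flags conservatively.
    """
    known = ORIGIN_HISTORY.get(prefix, set())
    if new_origin in known:
        return False, 1.0
    baseline = [PORTRAITS[o] for o in known if o in PORTRAITS]
    if not baseline or new_origin not in PORTRAITS:
        return True, 0.0
    best = max(cosine(PORTRAITS[new_origin], b) for b in baseline)
    return best < threshold, best


if __name__ == "__main__":
    # AS64514 is farther from AS64512 in hops than AS64516, yet far more similar.
    for other in (64514, 64516):
        print(f"AS64512 vs AS{other}: {hop_distance(LINKS, 64512, other)} hops, "
              f"cosine {cosine(PORTRAITS[64512], PORTRAITS[other]):.2f}")
    for origin in (64516, 64514):
        flagged, sim = score_new_origin("203.0.113.0/24", origin)
        print(f"203.0.113.0/24 now originated by AS{origin}: "
              f"{'FLAG' if flagged else 'ok'} (similarity {sim:.2f})")
```

Running it shows the stub AS64516 two hops from AS64512 scoring low, while the transit AS64514 three hops away scores near 1.0; a purely hop-based notion of "neighbourhood" would order them the other way. The caveat matters for practitioners: behavioural similarity is one signal, not proof of legitimacy. A hijack announced from a network that looks like the victim passes this check, which is why the abstract pairs the behaviour portrait with the routing policy rationale rather than relying on either alone.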
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Network Security and Intrusion Detection · Software-Defined Networks and 5G
