Classification of BGP Anomalies Using GRU with BGP Update Messages
Pages 6 - 9
Abstract
With the increasing reliance on the Internet, its reliability and security have become major concerns. The Border Gateway Protocol (BGP) is susceptible to anomalies such as hijacking, configuration errors, and denial-of-service attacks, which can pose significant threats to the performance and reliability of the Internet. However, with the methods for the BGP anomalies classification, the operators can understand the cause of anomalies and take action to solve the problems. Recently, various techniques have been proposed for classifying BGP anomalies utilizing machine learning models. Nevertheless, we have identified some limitations of these classification models that raise doubts regarding their applicability in real-world scenarios for classifying new anomalies. In order to better classify BGP anomalies with high accuracy and efficiency, we introduce Gate Recurrent Unit (GRU) to classify BGP anomalies based on the features selected from BGP update messages. Notably, our method boasts a leaner parameter set and converges more rapidly compared to alternative approaches. Experimental results demonstrate that our method outperforms other methods, with the performance of the precision, recall and F1-score are 100%, 77% and 87% respectively.
References
[1]
A. Barbir, S. Murphy, and Y. Yang. 2006 Generic threats to routing protocols. Internet Eng. Task Force, Fremont, CA, USA, RFC 4593 (Informational), Oct. [Online]. Available: http://www.ietf.org/rfc/rfc4593.txt.
[2]
Y. Rekhter, T. Li, and S. Hares. 2006 RFC 4271: A border gateway protocol 4 (BGP-4), Internet Eng. Task Force, Fremont, CA, USA, RFC 4271 (Proposed Standard), [Online]. Available: http://tools.ietf.org/html/rfc4271.
[3]
B. Al-Musawi, P. Branch, and G. Armitage. 2015 Detecting BGP instability using recurrence quantification analysis (RQA), in Proc. IEEE 34th Int. Perform. Comput. Commun. Conf. (IPCCC), Nanjing, China, pp. 1–8.
[4]
Peng S, Nie J, Shu X, 2022 A multi-view framework for BGP anomaly detection via graph attention network. Computer Networks. 214: 109129.
[5]
Latif, Hamid, 2022 Unveiling the potential of graph neural networks for BGP anomaly detection. Proceedings of the 1st International Workshop on Graph Neural Networking.
[6]
Thales P, Siqueira Y, Daniel M, 2021 BGP Anomalies Classification using Features based on AS Relationship Graphs. C. IEEE Latin-American Conference on Communications (LATINCOM).
[7]
Chung J, Gulcehre C, Cho K, 2014 Empirical evaluation of gated recurrent neural networks on sequence modeling. J. arXiv: Neural and Evolutionary Computing.
[8]
I. Goodfellow, Y. Bengio, and A. Courville. 2016 Deep Learning. MIT Press http://www.deeplearningbook.org.
[9]
Krenc T, Beverly R, Smaragdakis G. 2021 AS-level BGP community usage classification Proceedings of the 21st ACM Internet Measurement Conference. 577-592.
[10]
Silva Jr B A, Mol P, Fonseca O, 2022 Automatic inference of BGP location communities. Proceedings of the ACM on Measurement and Analysis of Computing Systems. 6(1): 1-23.
[11]
Hoarau K, Tournoux P U, Razafindralambo T. 2022 Detecting forged AS paths from BGP graph features using Recurrent Neural Networks. IEEE 19th Annual Consumer Communications & Networking Conference (CCNC). IEEE, 735-736.
[12]
Al-Rousan N, Haeri S, Trajković L. 2012 Feature selection for classification of BGP anomalies using Bayesian models International Conference on Machine Learning and Cybernetics. IEEE, 1: 140-147.
Index Terms
- Classification of BGP Anomalies Using GRU with BGP Update Messages
Recommendations
Computational complexity of traffic hijacking under BGP and S-BGP
Harmful Internet hijacking incidents put in evidence how fragile interdomain routing is. In particular, the Border Gateway Protocol (BGP), which is used to exchange routing information between Internet entities, called Autonomous Systems (ASes), proved ...
BGP skeleton: an alternative to iBGP route reflection
INFOCOM'10: Proceedings of the 29th conference on Information communicationsThe Internet is a composition of ASes (Autonomous Systems), BGP (Border Gateway Protocol) is the routing protocol that is responsible of exchanging routes between these ASes. It operates in two modes: External BGP (eBGP) and Internal BGP (iBGP). EBGP ...
Neighbor-specific BGP: more flexible routing policies while improving global stability
SIGMETRICS '09The Border Gateway Protocol (BGP) offers network administrators considerable flexibility in controlling how traffic flows through their networks. However, the interaction between routing policies in different Autonomous Systems (ASes) can lead to ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
December 2023
467 pages
ISBN:9798400716966
DOI:10.1145/3661638
Copyright © 2023 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 01 June 2024
Check for updates
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
AISNS 2023
AISNS 2023: 2023 International Conference on Artificial Intelligence, Systems and Network Security
December 22 - 24, 2023
Mianyang, China
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 29Total Downloads
- Downloads (Last 12 months)29
- Downloads (Last 6 weeks)3
Reflects downloads up to 02 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format