DOI: 10.1145/3635638.3635659
research-article

BiRNNs-SAT for Detecting BGP Traffic Anomalies in Communication Networks

Published: 16 January 2024

ABSTRACT

Border Gateway Protocol (BGP), a path vector protocol that manages network reachability information among Autonomous Systems (AS), is critical to the stability and reliability of the Internet. The single approach used in previous studies fails to adequately capture the temporal and feature information in BGP traffic data. In this study, we introduce a novel method, bidirectional recurrent neural networks with a self-attentive mechanism (BiRNNs-SAT), to better detect anomalous behavior in BGP traffic data. In our proposed method, normalization is used to balance the temporal and feature dimensions of the singularity data, and a two-layer hierarchical structure is constructed. The first layer captures bidirectional time-dependent and feature correlation information to provide a comprehensive data representation for the model. The second layer employs a self-attention mechanism to compute the degree of contribution of each hidden state to the attention and to dynamically generate the weights between connections. To validate the feasibility of the model, we use five real-world collected datasets for extensive experimental evaluation. The findings show that our suggested BiRNNs-SAT method performs well on the BGP anomaly classification task, improving the F1 value by up to 16.8892% relative to the baseline model. In summary, the BiRNNs-SAT model proposed in this study provides an efficient and effective solution to the BGP anomaly classification problem.

    • Published in

      ACM Other conferences
      MLMI '23: Proceedings of the 6th International Conference on Machine Learning and Machine Intelligence
      October 2023
      196 pages
      ISBN: 9798400709456
      DOI: 10.1145/3635638

      Copyright © 2023 ACM


      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Qualifiers

      • research-article
      • Research
      • Refereed limited