Deep Learning for Detection of BGP Anomalies

  • Marijana Cosovic
  • Slobodan Obradovic
  • Emina Junuz
Conference paper
Part of the Contributions to Statistics book series (CONTRIB.STAT.)


The Internet uses the Border Gateway Protocol (BGP) to exchange routes and reachability information between Autonomous Systems (ASes). Hence, BGP is subject to anomalous traffic that can cause connectivity problems and traffic loss. Routing Table Leak (RTL), worm, and power outage events are considered anomalous in the sense that they can disrupt Internet routing and cause slowdowns of varying severity, which leads to packet delivery reliability issues. Deep learning, a subfield of machine learning, could be applied to the detection of BGP anomalies. The study of RTL, worm, and power outage events is of interest to network operators and researchers alike. In this paper, we consider datasets of several events, all of which caused large-scale Internet outages. We use artificial neural network (ANN) models based on a backpropagation algorithm for anomalous event classification.


Keywords: Machine learning, Deep learning, Anomaly detection, BGP, Sampling



Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Marijana Cosovic (1)
  • Slobodan Obradovic (1)
  • Emina Junuz (2)
  1. Faculty of Electrical Engineering, University of East Sarajevo, Istocno Sarajevo, Bosnia and Herzegovina
  2. Faculty of Information Technology, Dzemal Bijedic University, Mostar, Bosnia and Herzegovina
