Deep Learning for Detection of BGP Anomalies

Cosovic, Marijana; Obradovic, Slobodan; Junuz, Emina

doi:10.1007/978-3-319-96944-2_7

Marijana Cosovic⁴,
Slobodan Obradovic⁴ &
Emina Junuz⁵

Part of the book series: Contributions to Statistics ((CONTRIB.STAT.))

Included in the following conference series:

International Work-Conference on Time Series Analysis

2049 Accesses
2 Citations

Abstract

The Internet uses Border Gateway Protocol (BGP) for exchange of routes and reachability information between Autonomous Systems (AS). Hence, BGP is subject to anomalous traffic that can cause problems with connectivity and traffic loss. Routing Table Leak (RTL), worm and power outage events are considered anomalous in the sense that they can disrupt the Internet routing and cause slowdowns of varying severity, which leads to packet delivery reliability issues. Deep learning, a subfield of machine learning, could be applied in detection of BGP anomalies. Studying RTL, worm, and power outage events are of interest to network operators and researchers alike. In this paper, we consider datasets of several events, all of which caused large-scale Internet outages. We use artificial neural network (ANN) models based on a backpropagation algorithm for anomalous event classification.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 129.00; Price excludes VAT (USA)

Softcover Book: USD 169.99; Price excludes VAT (USA)

Hardcover Book: USD 169.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Rekhter, Y., Li, T., Hares, S.: A Border Gateway Protocol 4 (BGP-4). http://ietf.org/rfc/rfc4271 (2006). Accessed 20 June 2017
Manderson, T.: Multi-threaded routing toolkit (MRT) border gateway protocol (BGP) routing information export format with geo-location extensions. rfc6397.txt (2011). Accessed 20 November 2017
Google Scholar
RIPE RIS raw data. http://www.ripe.net/data-tools/stats/ris/ris-raw-data
Ćosović, M., Obradović, S., Trajković, Lj.: Performance evaluation of BGP anomaly classifiers. In: Proceedings of the International Conference on Digital Information, Networking and Wireless Communication, pp. 115–120 (2015)
Google Scholar
Cosovic, M., Obradovic, S., Trajkovic, L.J.: Classifying anomalous events in BGP datasets. In: Proceedings of the 29th Annual IEEE Canadian Conference on Electrical and Computer Engineering (CCECE 2016), pp. 697–700 (2016)
Google Scholar
Cosovic, M., Obradovic, S.: Ensemble methods for classifying BGP anomalies. Ind. Technol. 4(1), 12–20 (2017)
Google Scholar
Ćosović, M., Obradović, S., Junuz, E.: Deep learning for detection of BGP anomalies. In: Proceedings of International Work-Conference on Time Series (ITISE 2017), pp. 487–498 (2017)
Google Scholar
Deng, L., Yu, D.: Deep learning: methods and applications. Found. Trends Signal Process. 7(3–4), 197–387 (2014)
Article MathSciNet Google Scholar
Dau, H.A., Ciesielski, V., Song, A.: Anomaly detection using replicator neural networks trained on examples of one class. In: Proceedings of the 10th International Conference on Simulated Evolution and Learning, pp. 311–322 (2014)
Google Scholar
Jadidi, Z., Muthukkumarasamy, V., Sithirasenan, E., Sheikhan, M.: Flow-based anomaly detection using neural network optimized with GSA algorithm. In: Proceedings of the 33rd IEEE International Conference on Distributed Computing Systems Workshops (ICDCSW’13), pp. 76–81 (2013)
Google Scholar
Bishop, C.M.: Pattern Recognition and Machine Learning. Information Science and Statistics. Springer-Verlag New York Inc., Secaucus, NJ, USA (2006)
Google Scholar
Popescu, A.C., Premore, B.J., Underwood, T.: Anatomy of a Leak: AS9121. https://www.nanog.org/meeting-archives/nanog34/presentations/underwood.pdf (2005). Accessed 20 November 2017
AWS Route Leak-North American Network Operators Group Mailing List. https://mailman.nanog.org/pipermail/nanog/2016-April/085410.html (2016). Accessed 20 June 2016
Telecom Malaysia AS4788 Route Leak-North American Network Operators Group Mailing List. https://mailman.nanog.org/pipermail/nanog/2015-June/076187.html (2015). Accessed 20 June 2016
Indosat Routing Table Leak-North American Network Operators Group Mailing List. https://mailman.nanog.org/pipermail/nanog/2014-April/065920.html (2014). Accessed 20 June 2016
Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: Inside the Slammer Worm. IEEE Secur. Priv. 1(4), 33–39 (2003)
Article Google Scholar
Schauer, R.C.: The mechanisms and effects of the Code Red worm. https://www.sans.org/reading-room/whitepapers/dlp/mechanisms-effects-code-red-worm-87 (2001). Accessed 20 November 2017
Moscow Power Blackout-North American Network Operators Group Mailing List. https://www.nanog.org/mailinglist/mailarchives/old_archive/2005-05/msg00650.html (2005). Accessed 20 June 2016
Levenshtein, V.I.: Binary codes capable of correcting deletions, insertions and reversals. Doklady Akademii Nauk SSSR 163(4), 845–848 (1965)
MathSciNet MATH Google Scholar
LeCun, Y., Bottou, L., Orr, G.B., Müller, K.-R.: Effiicient BackProp. In: Montavon, G., Orr, G.B., Müller, K.-R. (eds.) Neural Networks: Tricks of the Trade. LNCS, vol. 7700, pp. 9–48. Springer-Verlag, London, UK (1998)
Chapter Google Scholar
Sriram, K., Montgomery, D., McPherson, D., Osterweil, E., Dickson, B.: Problem Definition and Classification of BGP Route Leaks. https://www.rfc-editor.org/rfc/rfc7908.txt (2016)
Mahajan, R., Wetherall, D., Anderson, T.: Understanding BGP misconfiguration. In: Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM’02), pp. 3–16 (2002)
Google Scholar
Chollet, F.: Keras. https://github.com/fchollet/keras (2016)
Nair, V., Hinton, G.E.: Rectified linear units improve restricted Boltzmann machines. In: Proceedings of 27th International Conference on Machine Learning, pp. 807–814 (2010). Accessed 20 November 2017
Google Scholar
Davis, J., Goadrich, M.: The relationship between precision-recall and ROC curves. In: Proceedings of 23rd International Conference on Machine Learning, pp. 233–240 (2006). Accessed 20 November 2017
Google Scholar
Ćosović, M., Obradović, S.: BGP anomaly detection with balanced datasets. Tehnički vjesnik/Technical Gazette 25(3) (2018)
Google Scholar

Download references

Author information

Authors and Affiliations

Faculty of Electrical Engineering, University of East Sarajevo, Istocno Sarajevo, Bosnia and Herzegovina
Marijana Cosovic & Slobodan Obradovic
Faculty of Information Technology, Dzemal Bijedic University, Mostar, Bosnia and Herzegovina
Emina Junuz

Authors

Marijana Cosovic
View author publications
You can also search for this author in PubMed Google Scholar
Slobodan Obradovic
View author publications
You can also search for this author in PubMed Google Scholar
Emina Junuz
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Marijana Cosovic .

Editor information

Editors and Affiliations

ETSIIT, University of Granada, Granada, Spain
Ignacio Rojas
CITIC-UGR and ETSIIT, University of Granada, Granada, Spain
Héctor Pomares
Faculty of Sciences, University of Granada, Granada, Spain
Olga Valenzuela

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Cosovic, M., Obradovic, S., Junuz, E. (2018). Deep Learning for Detection of BGP Anomalies. In: Rojas, I., Pomares, H., Valenzuela, O. (eds) Time Series Analysis and Forecasting. ITISE 2017. Contributions to Statistics. Springer, Cham. https://doi.org/10.1007/978-3-319-96944-2_7

Download citation

DOI: https://doi.org/10.1007/978-3-319-96944-2_7
Published: 04 October 2018
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-96943-5
Online ISBN: 978-3-319-96944-2
eBook Packages: Mathematics and StatisticsMathematics and Statistics (R0)

Publish with us

Policies and ethics