Realtime BGP Anomaly Detection Using Graph Centrality Features

Conference paper: Advanced Information Networking and Applications (AINA 2024)

Abstract

Border Gateway Protocol (BGP) anomalies, such as hijacking, are a growing trend due to limited detection capabilities. BGP hijacking maliciously reroutes Internet traffic, causing Denial of Service (DoS) to major Internet Service Providers (ISPs) or redirection attacks on Internet users. While it has been shown that BGP anomalies can be detected using machine learning (ML) methods, the features used to train these ML models are not comprehensive. This is because node-level features, such as the number of BGP announcements, average Autonomous System (AS) path length and average edit distance, do not consider the structure or relationships present in the network graph. In this paper, an approach to extract information from BGP updates to build a network graph is proposed. Centrality information is then used as features to model the graph structure of the network and build an early detection tool for BGP anomalies using ML. The proposed method has been validated on real-world data from the CenturyLink outage and shows promising results for anomaly detection (as early as one hour before the event was reported) in both individual networks and a defined group of networks. Furthermore, the anomaly source can be determined using the proposed method.
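
The approach the abstract describes, as an added example (not the authors' code): the AS_PATHs seen in two windows of BGP updates are turned into AS graphs, and ASes are ranked by how much their betweenness centrality changed. The choice of betweenness, the two-window comparison, and the sample paths (documentation ASNs) are assumptions, since the abstract does not specify them.

```python
from collections import defaultdict, deque

def build_graph(as_paths):
    """Undirected AS adjacency graph from the AS_PATHs seen in one time window."""
    adj = defaultdict(set)
    for path in as_paths:
        # Collapse AS-path prepending (repeated ASNs) so it adds no self-loops.
        hops = [a for i, a in enumerate(path) if i == 0 or a != path[i - 1]]
        for a, b in zip(hops, hops[1:]):
            adj[a].add(b)
            adj[b].add(a)
    return adj

def betweenness(adj):
    """Brandes' algorithm on an unweighted, undirected graph (unnormalised)."""
    bc = dict.fromkeys(adj, 0.0)
    for s in adj:
        order, preds = [], defaultdict(list)
        sigma, dist = defaultdict(int, {s: 1}), {s: 0}
        queue = deque([s])
        while queue:
            v = queue.popleft()
            order.append(v)
            for w in adj[v]:
                if w not in dist:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    preds[w].append(v)
        delta = defaultdict(float)
        for w in reversed(order):
            for v in preds[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                bc[w] += delta[w]
    return {v: b / 2 for v, b in bc.items()}  # each pair was counted twice

def centrality_shift(baseline_paths, current_paths):
    """(|change in betweenness|, ASN) per AS between two windows, largest first."""
    b0, b1 = betweenness(build_graph(baseline_paths)), betweenness(build_graph(current_paths))
    return sorted(((abs(b1.get(a, 0.0) - b0.get(a, 0.0)), a) for a in set(b0) | set(b1)), reverse=True)

# Constructed sample windows using documentation ASNs (RFC 5398), not real data.
BASELINE = [[64496, 64500, 64510], [64497, 64500, 64500, 64510], [64498, 64500, 64511]]
CURRENT = [[64496, 64501, 64510], [64497, 64501, 64510], [64498, 64500, 64511]]

if __name__ == "__main__":
    for change, asn in centrality_shift(BASELINE, CURRENT)[:3]:
        print(f"AS{asn}: betweenness changed by {change}")
```

In the constructed windows, the AS that loses its transit role and the AS that newly appears on the paths rank first and second, which is the kind of structural signal per-node counters such as announcement volume do not capture.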

Acknowledgements

The work of Winston K.G. Seah was partially supported by a grant from the APNIC Foundation, via the Information Society Innovation Fund (ISIF Asia). The authors acknowledge the support of REANNZ for providing the BGP Update datasets.

Correspondence to Winston K. G. Seah.

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Huang, J., Odiathevar, M., Valera, A., Sahni, J., Frean, M., Seah, W.K.G. (2024). Realtime BGP Anomaly Detection Using Graph Centrality Features. In: Barolli, L. (eds) Advanced Information Networking and Applications. AINA 2024. Lecture Notes on Data Engineering and Communications Technologies, vol 201. Springer, Cham. https://doi.org/10.1007/978-3-031-57870-0_20
