Visible to the public Suitability of Graph Representation for BGP Anomaly Detection

TitleSuitability of Graph Representation for BGP Anomaly Detection
Publication TypeConference Paper
Year of Publication2021
AuthorsHoarau, Kevin, Tournoux, Pierre Ugo, Razafindralambo, Tahiry
Conference Name2021 IEEE 46th Conference on Local Computer Networks (LCN)
KeywordsBGP Anomaly, Collaboration, composability, compositionality, Computational modeling, Data models, feature extraction, graph, Human Behavior, human factors, Internet-scale Computing Security, Logic gates, machine learning, Metrics, policy-based governance, pubcrawl, resilience, Resiliency, Routing protocols, Scalability, Training
AbstractThe Border Gateway Protocol (BGP) is in charge of the route exchange at the Internet scale. Anomalies in BGP can have several causes (mis-configuration, outage and attacks). These anomalies are classified into large or small scale anomalies. Machine learning models are used to analyze and detect anomalies from the complex data extracted from BGP behavior. Two types of data representation can be used inside the machine learning models: a graph representation of the network (graph features) or a statistical computation on the data (statistical features). In this paper, we evaluate and compare the accuracy of machine learning models using graph features and statistical features on both large and small scale BGP anomalies. We show that statistical features have better accuracy for large scale anomalies, and graph features increase the detection accuracy by 15% for small scale anomalies and are well suited for BGP small scale anomaly detection.
DOI10.1109/LCN52139.2021.9524941
Citation Keyhoarau_suitability_2021