Utilizing Duplicate Announcements for BGP Anomaly Detection
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | MDPI AG 2025-02-01 |
| Series: | Telecom |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2673-4001/6/1/11 |
| Summary: | The Border Gateway Protocol (BGP) is the backbone of inter-domain routing on the internet, but its susceptibility to both benign and malicious anomalies creates substantial risks to both network reliability and security. In this study, we present a new approach for deep learning-based BGP anomaly detection utilizing duplicate announcements, which are known to be a symptom of routing disruptions. We developed our methodology based on public BGP data from RIPE and Route Views. We used the number of duplicate announcements as a baseline against which we checked for sporadic and time-based anomalies. Here, we propose a deep learning framework based on the Exponential Moving Average (EMA) model in combination with Autoencoder for anomaly identification. We also apply the Temporal-oriented Synthetic Minority Over-Sampling Technique (T-SMOTE) to overcome data imbalance. Comparative evaluations show that the Autoencoder model is significantly better than LSTM and that existing state-of-the-art methods have higher accuracy, precision, recall, and F1 scores. This study proposes a reliable, scalable, and rapid framework for real-time BGP adversary detection, which improves network security and resilience. |
| ISSN: | 2673-4001 |