Utilizing Duplicate Announcements for BGP Anomaly Detection
The Border Gateway Protocol (BGP) is the backbone of inter-domain routing on the internet, but its susceptibility to both benign and malicious anomalies creates substantial risks to both network reliability and security. In this study, we present a new approach for deep learning-based BGP anomaly de...
| Main Authors: | Rahul Deo Verma, Pankaj Kumar Keserwani, Vinesh Kumar Jain, Mahesh Chandra Govil, Valmik Tilwari |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | MDPI AG, 2025-02-01 |
| Series: | Telecom |
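| Subjects: | machine learning; border gateway protocol; anomaly detection; duplicate announcements; prefix hijacking; network security |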
| Online Access: | https://www.mdpi.com/2673-4001/6/1/11 |
| _version_ | 1850088162536194048 |
|---|---|
| author | Rahul Deo Verma, Pankaj Kumar Keserwani, Vinesh Kumar Jain, Mahesh Chandra Govil, Valmik Tilwari |
| collection | DOAJ |
| description | The Border Gateway Protocol (BGP) is the backbone of inter-domain routing on the internet, but its susceptibility to both benign and malicious anomalies creates substantial risks to both network reliability and security. In this study, we present a new approach for deep learning-based BGP anomaly detection utilizing duplicate announcements, which are known to be a symptom of routing disruptions. We developed our methodology based on public BGP data from RIPE and Route Views. We used the number of duplicate announcements as a baseline against which we checked for sporadic and time-based anomalies. Here, we propose a deep learning framework based on the Exponential Moving Average (EMA) model in combination with Autoencoder for anomaly identification. We also apply the Temporal-oriented Synthetic Minority Over-Sampling Technique (T-SMOTE) to overcome data imbalance. Comparative evaluations show that the Autoencoder model is significantly better than LSTM and that existing state-of-the-art methods have higher accuracy, precision, recall, and F1 scores. This study proposes a reliable, scalable, and rapid framework for real-time BGP adversary detection, which improves network security and resilience. |
| format | Article |
| id | doaj-art-4bde173d98964c29b4e88b425fe35e88 |
| institution | DOAJ |
| issn | 2673-4001 |
| language | English |
| publishDate | 2025-02-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Telecom |
| spelling | doaj-art-4bde173d98964c29b4e88b425fe35e88; 2025-08-20T02:43:04Z; eng; MDPI AG; Telecom; ISSN 2673-4001; 2025-02-01; 6(1), 11; DOI 10.3390/telecom6010011; Utilizing Duplicate Announcements for BGP Anomaly Detection; Rahul Deo Verma (Department of Computer Science and Engineering, National Institute of Technology, Ravangla 737139, Sikkim, India); Pankaj Kumar Keserwani (Department of Computer Science and Engineering, National Institute of Technology, Ravangla 737139, Sikkim, India); Vinesh Kumar Jain (Department of Computer Engineering, Government Engineering College, Ajmer 305025, Rajasthan, India); Mahesh Chandra Govil (Department of Computer Science and Engineering, National Institute of Technology, Ravangla 737139, Sikkim, India); Valmik Tilwari (Electrical Engineering Department, Korea University, Seoul 02841, Republic of Korea); https://www.mdpi.com/2673-4001/6/1/11; machine learning; border gateway protocol; anomaly detection; duplicate announcements; prefix hijacking; network security |
| title | Utilizing Duplicate Announcements for BGP Anomaly Detection |
| topic | machine learning; border gateway protocol; anomaly detection; duplicate announcements; prefix hijacking; network security |
| url | https://www.mdpi.com/2673-4001/6/1/11 |