Skip to Main content Skip to Navigation
Conference papers

Suitability of Graph Representation for BGP Anomaly Detection

Abstract : The Border Gateway Protocol (BGP) is in charge of the route exchange at the Internet scale. Anomalies in BGP can have several causes (mis-configuration, outage and attacks). These anomalies are classified into large or small scale anomalies. Machine learning models are used to analyze and detect anomalies from the complex data extracted from BGP behavior. Two types of data representation can be used inside the machine learning models: a graph representation of the network (graph features) or a statistical computation on the data (statistical features). In this paper, we evaluate and compare the accuracy of machine learning models using graph features and statistical features on both large and small scale BGP anomalies. We show that statistical features have better accuracy for large scale anomalies, and graph features increase the detection accuracy by 15% for small scale anomalies and are well suited for BGP small scale anomaly detection.
Complete list of metadata

https://hal.archives-ouvertes.fr/hal-03398624
Contributor : Kévin Hoarau Connect in order to contact the contributor
Submitted on : Saturday, October 23, 2021 - 7:44:05 AM
Last modification on : Wednesday, May 11, 2022 - 2:16:02 PM

File

Suitability.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Kevin Hoarau, Pierre Ugo Tournoux, Tahiry Razafindralambo. Suitability of Graph Representation for BGP Anomaly Detection. 2021 IEEE 46th Conference on Local Computer Networks (LCN), Oct 2021, Edmonton, Canada. pp.305-310, ⟨10.1109/LCN52139.2021.9524941⟩. ⟨hal-03398624⟩

Share

Metrics

Record views

41

Files downloads

50