Optimal detection of border gateway protocol anomalies with extensive feature set

Multimedia Tools and Applications

Abstract

For effective and secure Internet access, the Border Gateway Protocol (BGP) must be able to identify and stop anomalous events in real time. Although numerous studies over the past 10 years have sought to detect anomalies in BGP, the problem remains challenging because attackers and network misconfigurations frequently exhibit new, peculiar behavior. This work establishes a novel BGP anomaly detection model with two main parts: (i) feature extraction and (ii) anomaly detection. Extensive features, such as "statistical features," "higher-order statistical features," "improved holo-entropy features," and "correntropy features," are extracted to improve the accuracy and dependability of detection. Next, the proposed DBN is deployed to identify the presence or absence of an anomaly. Furthermore, a hybrid RHMFO optimization is used to fine-tune the weights of the DBN in order to improve classification accuracy. The DBN output indicates whether or not there are network anomalies. Finally, the analysis shows that the accuracy of DBN + RHMFO is approximately 97%, which is 12.3%, 27.83%, 48.4%, 69.07%, and 51.5% better than MLP-NN, SVM-BGPAD, DBN + ROA, DBN + EHO, and DBN + MFO, respectively.

Data Availability

Dataset 1 is made up of Border Gateway Protocol (BGP) datasets containing routing records gathered from Reseaux IP Europeens (RIPE), BCNET, and Route Views. Dataset 2 is made up of the Intrusion Detection Evaluation Dataset (CIC-IDS2017).

Abbreviations

AS: Autonomous Systems
BGP: Border Gateway Protocol
DAOA: Destination Advertisement Object-Acknowledge
DPPBGP: Detecting and preventing BGP route hijacking
DoS: Denial of Service
DBN: Deep Belief Network
EGP: Exterior Gateway Protocol
FPR: False Positive Rate
FNR: False Negative Rate
FDR: False Discovery Rate
HEAP: Hijacking Event Analysis Program
HMM: Hidden Markov Model
IGP: Interior Gateway Protocol
LSTM: Long Short Term Memory
MLP: Multi-Layer Perceptron
MFO: Moth-flame optimization
MCC: Matthews Correlation Coefficient
NB: Naive Bayes
NN: Neural Network
NPV: Negative Predictive Value
PKI: Public Key Infrastructure
QSE-BGP: Quantum Security Enhanced-BGP
RHMFO: Rider Hybridized Moth Flame Optimization
ROA: Rider Optimization Algorithm
RTL: Routing Table Leaks
SVM: Support Vector Machine
SVM-BGPAD: SVM based BGP anomaly detection system
UUNet: Unix to Unix Network

Author information

Corresponding author

Correspondence to M. Sunita.

About this article

Cite this article

Sunita, M., Mallapur, S.V. Optimal detection of border gateway protocol anomalies with extensive feature set. Multimed Tools Appl 83, 50893–50919 (2024). https://doi.org/10.1007/s11042-023-17135-6

  • DOI: https://doi.org/10.1007/s11042-023-17135-6
