Abstract
For effective and secure Internet access, the Border Gateway Protocol (BGP) must be able to identify and stop anomalous events in real time. Although many studies over the past 10 years have addressed anomaly detection in BGP, the problem remains challenging because attackers and network misconfigurations frequently exhibit new, peculiar behavior. This work establishes a novel BGP anomaly detection model with two main parts: (i) Feature Extraction and (ii) Anomaly Detection. An extensive feature set, comprising "statistical features," "higher-order statistical features," "improved holo-entropy features," and "correntropy features," is extracted to improve the accuracy and dependability of detection. Next, the proposed DBN is deployed to identify the presence or absence of an anomaly. Furthermore, a hybrid RHMFO optimization is used to fine-tune the weights of the DBN in order to improve classification accuracy. The DBN output indicates whether or not there are network anomalies. Finally, in the analysis, the accuracy of DBN + RHMFO is approximately 97%, which is an improvement of 12.3%, 27.83%, 48.4%, 69.07%, and 51.5% over MLP-NN, SVM-BGPAD, DBN + ROA, DBN + EHO, and DBN + MFO, respectively.
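As an added illustration (not code from the paper), the sketch below computes textbook versions of the feature families named in the abstract over constructed per-minute BGP UPDATE counts. The paper's "improved" holo-entropy and its exact correntropy formulation are not given on this page, so the standard definitions, the Gaussian kernel width and the bin width used here are assumptions.

```python
import math
from collections import Counter

# Constructed sample: (announcements, withdrawals) per minute for one peer.
# The burst is synthetic and not taken from any dataset named on this page.
BASELINE = [(52, 8), (49, 7), (55, 9), (50, 8), (53, 7), (51, 9)]
BURST = [(54, 8), (50, 9), (310, 95), (420, 130), (390, 120), (56, 8)]

def moments(xs):
    """Mean, variance, skewness and excess kurtosis (population estimators)."""
    n = len(xs)
    mu = sum(xs) / n
    m2 = sum((x - mu) ** 2 for x in xs) / n
    if m2 == 0:  # constant window: higher-order moments are undefined
        return mu, 0.0, 0.0, 0.0
    m3 = sum((x - mu) ** 3 for x in xs) / n
    m4 = sum((x - mu) ** 4 for x in xs) / n
    return mu, m2, m3 / m2 ** 1.5, m4 / m2 ** 2 - 3.0

def correntropy(xs, ys, sigma=50.0):
    """Sample correntropy: mean Gaussian kernel of pairwise differences.
    sigma is an assumed kernel width, not a value from the paper."""
    k = (math.exp(-(x - y) ** 2 / (2 * sigma ** 2)) for x, y in zip(xs, ys))
    return sum(k) / len(xs)

def holo_entropy(rows, bin_width=100):
    """Standard holo-entropy: sum of per-attribute Shannon entropies (bits)
    after binning counts. bin_width is an assumed discretisation."""
    total = 0.0
    for col in zip(*rows):
        n = len(col)
        counts = Counter(v // bin_width for v in col)
        total += -sum(c / n * math.log2(c / n) for c in counts.values())
    return total

def feature_vector(window, reference):
    """Features for one window, compared against a known-quiet reference."""
    ann = [a for a, _ in window]
    ref = [a for a, _ in reference]
    mu, var, skew, kurt = moments(ann)
    return {"mean": mu, "var": var, "skew": skew, "kurt": kurt,
            "correntropy": correntropy(ann, ref),
            "holo_entropy": holo_entropy(window)}

if __name__ == "__main__":
    print("baseline:", feature_vector(BASELINE, BASELINE))
    print("burst:   ", feature_vector(BURST, BASELINE))
```

In this constructed data the burst window drops correntropy against the quiet reference from 1.0 to about 0.5 and raises holo-entropy from 0 to above 2 bits, which is the kind of separation a downstream classifier would be trained on.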
Data Availability
Dataset 1 is made up of Border Gateway Protocol (BGP) datasets containing routing records gathered from Reseaux IP Europeens (RIPE), BCNET, and Route Views. Dataset 2 is made up of the Intrusion Detection Evaluation Dataset (CIC-IDS2017).
Abbreviations
- AS: Autonomous Systems
- BGP: Border Gateway Protocol
- DAOA: Destination Advertisement Object-Acknowledge
- DPPBGP: Detecting and preventing BGP route hijacking
- DoS: Denial of Service
- DBN: Deep Belief Network
- EGP: Exterior Gateway Protocol
- FPR: False Positive Rate
- FNR: False Negative Rate
- FDR: False Discovery Rate
- HEAP: Hijacking Event Analysis Program
- HMM: Hidden Markov Model
- IGP: Interior Gateway Protocol
- LSTM: Long Short Term Memory
- MLP: Multi-Layer Perceptron
- MFO: Moth-flame optimization
- MCC: Matthews Correlation Coefficient
- NB: Naive Bayes
- NN: Neural Network
- NPV: Negative Predictive Value
- PKI: Public Key Infrastructure
- QSE-BGP: Quantum Security Enhanced-BGP
- RHMFO: Rider Hybridized Moth Flame Optimization
- ROA: Rider Optimization Algorithm
- RTL: Routing Table Leaks
- SVM: Support Vector Machine
- SVM-BGPAD: SVM based BGP anomaly detection system
- UUNet: Unix to Unix Network
About this article
Cite this article
Sunita, M., Mallapur, S.V. Optimal detection of border gateway protocol anomalies with extensive feature set. Multimed Tools Appl 83, 50893–50919 (2024). https://doi.org/10.1007/s11042-023-17135-6
DOI: https://doi.org/10.1007/s11042-023-17135-6