Document Type
Journal Article
Publication Title
Computer Networks
Volume
242
Publisher
Elsevier
School
School of Science
RAS ID
64948
Funders
Cyber Security Research Centre Limited / Australian Government’s Cooperative Research Centres Programme
Abstract
The Border Gateway Protocol (BGP), acting as the communication protocol that binds the Internet, remains vulnerable despite Internet security advancements. This is not surprising, as the Internet was not designed to be resilient to cyber-attacks; therefore, the detection of anomalous activity was not of prime importance to the Internet creators. Detection of BGP anomalies can potentially provide network operators with an early warning system to focus on protecting networks, systems, and infrastructure from significant impact, improve security posture and resilience, while ultimately contributing to a secure global Internet environment. In this paper, we present a novel technique for the detection of BGP anomalies in different events. This research uses publicly available datasets of BGP messages collected from the repositories, Route Views and Réseaux IP Européens (RIPE). Our contribution is the application of a time series data mining approach, Matrix Profile (MP), to detect BGP anomalies in all categories of BGP events. Advantages of the MP detection technique compared to extant approaches include that it is domain agnostic, is assumption-free, requires few parameters, does not require training data, and is scalable and storage efficient. The single hyper-parameter analyzed in MP shows it is robust to change. Our results indicate the MP detection scheme is competitive against existing detection schemes. A novel BGP anomaly detection scheme is also proposed for further research and validation.
DOI
10.1016/j.comnet.2024.110257
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Comments
Scott, B. A., Johnstone, M. N., Szewczyk, P., & Richardson, S. (2024). Matrix profile data mining for BGP anomaly detection. Computer Networks, 242, article 110257. https://doi.org/10.1016/j.comnet.2024.110257