Author Identifier

Ben A. Scott: https://orcid.org/0000-0003-3209-2184

Michael N. Johnstone: https://orcid.org/0000-0001-7192-7098

Patryk Szewczyk: https://orcid.org/0000-0003-3040-9344

Document Type

Journal Article

Publication Title

Sensors (Basel, Switzerland)

Volume

24

Issue

19

PubMed ID

39409453

Publisher

MDPI

School

School of Science

RAS ID

72491

Funders

Edith Cowan University / Cyber Security Research Centre Limited / Australian Government’s Cooperative Research Centres Programme

Comments

Scott, B. A., Johnstone, M. N., & Szewczyk, P. (2024). A Survey of Advanced Border Gateway Protocol Attack Detection Techniques. Sensors, 24(19). https://doi.org/10.3390/s24196414

Abstract

The Internet's default inter-domain routing system, the Border Gateway Protocol (BGP), remains insecure. Detection techniques are dominated by approaches that involve large numbers of features, parameters, domain-specific tuning, and training, often contributing to an unacceptable computational cost. Efforts to detect anomalous activity in the BGP have been almost exclusively focused on single observable monitoring points and Autonomous Systems (ASs). BGP attacks can exploit and evade these limitations. In this paper, we review and evaluate categories of BGP attacks based on their complexity. Previously identified next-generation BGP detection techniques remain incapable of detecting advanced attacks that exploit single observable detection approaches and those designed to evade public routing monitor infrastructures. Advanced BGP attack detection requires lightweight, rapid capabilities with the capacity to quantify group-level multi-viewpoint interactions, dynamics, and information. We term this approach advanced BGP anomaly detection. This survey evaluates 178 anomaly detection techniques and identifies which are candidates for advanced attack anomaly detection. Preliminary findings from an exploratory investigation of advanced BGP attack candidates are also reported.

DOI

10.3390/s24196414

Creative Commons License

Creative Commons Attribution 4.0 License
This work is licensed under a Creative Commons Attribution 4.0 License.
