Author Identifier

Ben Scott

http://orcid.org/0000-0003-3209-2184

Date of Award

2024

Document Type

Thesis - ECU Access Only

Publisher

Edith Cowan University

Degree Name

Doctor of Philosophy

School

School of Science

First Supervisor

Mike Johnstone

Second Supervisor

Patryk Szewczyk

Third Supervisor

Steven Richardson

Abstract

The Border Gateway Protocol (BGP) is the essential interdomain routing protocol for global connectivity, enabling the efficient routing of Internet traffic. However, inherent vulnerabilities expose BGP to various security threats, from benign misconfigurations to malicious attacks designed to disrupt network operations. Established detection frameworks and techniques often rely on extensive feature sets, specialised tuning, and intensive computation, which may not scale effectively or adapt to evolving threats. Traditionally, BGP anomaly detection has focused on single points of observation and individual Autonomous Systems (ASes). This thesis advances BGP anomaly detection through an investigation of advanced nonlinear statistical analysis and low-parameter data mining techniques, specifically through the application of Multidimensional Recurrence Quantification Analysis (MdRQA) and Matrix Profile (MP). These techniques are explored for their capability to enhance BGP anomaly detection engines, offering new perspectives on network dynamics at a computationally efficient, group-AS level. This thesis adopts a dual protocol-system perspective. Key contributions include the introduction of MdRQA, which presents a novel approach for analysing group-AS dynamics and establishing a robust, group-level anomaly detection framework. MdRQA demonstrated notably earlier anomaly detection across significant incidents, often hours earlier than some established approaches, while achieving other performance metrics on par with state-of-the-art methods. The pioneering use of MP as a BGP anomaly detection technique demonstrated advantages, outperforming other models in detection times. MP achieved earlier detection across multiple incidents when compared to some state-of-the-art techniques, highlighting its effectiveness for real-time monitoring. 
Across incidents, MdRQA consistently achieved the most rapid anomaly detection times, demonstrating its potential as an effective group-level anomaly detection technique. These innovations not only enhance the understanding of security within BGP interdomain routing but also equip network operators with advanced BGP detection and response tools. By improving detection capabilities and timeliness, this thesis contributes to the stability and security of the global Internet, which underpins numerous facets of contemporary society.

DOI

10.25958/9x59-za92
