Feature Analysis and Selection for BGP Anomaly Detection

Automated incidence reporting requires accurate and timely anomaly detection. This paper considers this in the context of the Border Gateway Protocol (BGP). BGP is crucial for Internet routing but is vulnerable to attacks due to a lack of widespread authentication. While rare, BGP disruptions can be highly detrimental to Internet performance and security. Detecting BGP anomalies helps network operators protect their networks and improve Internet reliability. In this work, we investigate and develop anomaly detection for BGP using Machine-Learning. We extract relevant features of BGP control plane messages from RIPE RIS and RouteViews public datasets. After extracting features, we employ various feature selection algorithms to extract the most relevant features and explore balancing the datasets. Finally, we explore detection latency, an important operating parameter for automated anomaly detection. The results show that BGP anomalies can be detected in the order of seven minutes when using real attack data and that the observation point for the BGP data has a significant effect on anomaly detection.