Hybrid Machine Learning Algorithm for Enhanced BGP Anomaly Detection

  • Nassir S. Kadhim (Department of Electrical, Electronic & Systems Engineering, Faculty of Engineering and Built Environment, Universiti Kebangsaan Malaysia (UKM))
  • Nor Fadzilah Abdullah (Department of Electrical, Electronic & Systems Engineering, Faculty of Engineering and Built Environment, Universiti Kebangsaan Malaysia (UKM))
  • Kalaivani Chellappan (Department of Electrical, Electronic & Systems Engineering, Faculty of Engineering and Built Environment, Universiti Kebangsaan Malaysia (UKM))
  • Received : 2024.11.05
  • Published : 2024.11.30

Abstract

Border Gateway Protocol (BGP) is a critical component of the Internet's infrastructure, responsible for inter-domain routing. It enables Internet Service Providers (ISPs) to manage the flow of data across the global network by announcing address prefixes and implementing routing policies. Despite its importance, BGP faces several challenges, including configuration errors and security vulnerabilities. These can cause regional or global Internet service interruptions. Nevertheless, the ability to detect abnormal messages transmitted via BGP enables the timely detection of such attacks. Machine learning (ML) has recently become crucial in improving the effectiveness, efficiency, and scalability of BGP anomaly detection systems. This study evaluates ML models for detecting and identifying BGP anomalies. We applied a statistical analysis to the 24 BGP features extracted from a realistic network topology based on simulation. Three feature sets were categorized based on their significance in classifying anomalies and their potential for predicting cyberattacks. A comprehensive assessment of the performance of eight ML algorithms in detecting BGP anomalies utilizing multiple features and dataset structures has been conducted. The findings revealed that the ML models exhibit consistent results, in terms of performance metrics, on the tested dataset containing a number of significant features, and demonstrated that the combined dataset structure produced better results than the individual datasets. To enhance the BGP anomaly detection model and get the best results, we proposed a hybrid SGD-RF ML model, which achieved the highest accuracy of 99.3%, as well as an improved AUC value of 0.993 and improvements in other performance metrics compared to the individual models.

Acknowledgement

Part of this work is funded by Universiti Kebangsaan Malaysia (ref: DPK-2023-009). The authors would like to thank the Ministry of Communication (MOC), Iraqi Telecommunication and Post Company (ITPC) for the shared data.
