A Multi-View Framework for BGP Anomaly Detection via Graph Attention Network. (arXiv:2112.12793v1 [cs.LG])

As the default protocol for exchanging routing reachability information on
the Internet, the abnormal behavior in traffic of Border Gateway Protocols
(BGP) is closely related to Internet anomaly events. The BGP anomalous
detection model ensures stable routing services on the Internet through its
real-time monitoring and alerting capabilities. Previous studies either focused
on the feature selection problem or the memory characteristic in data, while
ignoring the relationship between features and the precise time correlation in
feature (whether it’s long or short term dependence). In this paper, we propose
a multi-view model for capturing anomalous behaviors from BGP update traffic,
in which Seasonal and Trend decomposition using Loess (STL) method is used to
reduce the noise in the original time-series data, and Graph Attention Network
(GAT) is used to discover feature relationships and time correlations in
feature, respectively. Our results outperform the state-of-the-art methods at
the anomaly detection task, with the average F1 score up to 96.3% and 93.2% on
the balanced and imbalanced datasets respectively. Meanwhile, our model can be
extended to classify multiple anomalous and to detect unknown events.

Source: https://arxiv.org/abs/2112.12793


Related post