A deep learning framework for BGP anomaly detection and classification
| Ano de defesa: | 2019 |
|---|---|
| Autor(a) principal: | |
| Outros Autores: | , |
| Orientador(a): | |
| Banca de defesa: | |
| Tipo de documento: | Tese |
| Tipo de acesso: | Acesso aberto |
| Idioma: | eng |
| Instituição de defesa: |
Universidade Federal do Amazonas
Instituto de Computação Brasil UFAM Programa de Pós-graduação em Informática |
| Programa de Pós-Graduação: |
Não Informado pela instituição
|
| Departamento: |
Não Informado pela instituição
|
| País: |
Não Informado pela instituição
|
| Palavras-chave em Português: | |
| Link de acesso: | https://tede.ufam.edu.br/handle/tede/7700 |
Resumo: | The Border Gateway Protocol (BGP) is the default Internet routing protocol that manages connectivity among Autonomous Systems (ASes). Although BGP disruptions are rare when they occur the consequences can be very damaging. Consequently, there has been a considerable effort aimed at understanding what is normal and abnormal BGP traffic and, in so doing, enable potentially disruptive anomalous traffic to be identified quickly. Even though there is an extensive research on anomaly detection, there are two major gaps in current literature: the scarcity of public datasets for all types of events and the lack of a BGP anomaly classification framework that differentiates anomaly classes. Since that there are no public datasets of labeled BGP anomalous events, each model was validated using different datasets, which had to be individually generated for each approach. The absence of common groundwork dataset increases the difficulty in comparing different approaches. The lack of a classification framework hinders the deployment of specific mitigation measures to each anomaly class in an automated fashion. In the current work, we address both problems: 1) We provide a BGP dataset generation tool and publicly available datasets for different anomaly classes. These datasets contain the most used features by previous research efforts and additional novel features; 2) We address the BGP anomaly classification problem by developing a framework that uses deep learning as the core engine of an anomaly detection and classification mechanism. We built a model that exploits different neural network architectures advantages. Both novel features and the BGP anomaly detector and classifier were evaluated and it was demonstrated that they can be used to react to anomalies in real-time and leverage the deployment of different mitigation and coordination strategies to different anomaly classes in an autonomous fashion. |
| id |
UFAM_26870e0c6177327708d531005765f996 |
|---|---|
| oai_identifier_str |
oai:https://tede.ufam.edu.br/handle/:tede/7700 |
| network_acronym_str |
UFAM |
| network_name_str |
Biblioteca Digital de Teses e Dissertações da UFAM |
| repository_id_str |
|
| spelling |
A deep learning framework for BGP anomaly detection and classificationBorder Gateway ProtocolMachine LearningDataset generationAutonomous SystemsAnomalias BGPCIÊNCIAS EXATAS E DA TERRA: CIÊNCIA DA COMPUTAÇÃOBorder Gateway ProtocolAnomaly detectionMachine LearningDataset generationDetecção de anomaliasThe Border Gateway Protocol (BGP) is the default Internet routing protocol that manages connectivity among Autonomous Systems (ASes). Although BGP disruptions are rare when they occur the consequences can be very damaging. Consequently, there has been a considerable effort aimed at understanding what is normal and abnormal BGP traffic and, in so doing, enable potentially disruptive anomalous traffic to be identified quickly. Even though there is an extensive research on anomaly detection, there are two major gaps in current literature: the scarcity of public datasets for all types of events and the lack of a BGP anomaly classification framework that differentiates anomaly classes. Since that there are no public datasets of labeled BGP anomalous events, each model was validated using different datasets, which had to be individually generated for each approach. The absence of common groundwork dataset increases the difficulty in comparing different approaches. The lack of a classification framework hinders the deployment of specific mitigation measures to each anomaly class in an automated fashion. In the current work, we address both problems: 1) We provide a BGP dataset generation tool and publicly available datasets for different anomaly classes. These datasets contain the most used features by previous research efforts and additional novel features; 2) We address the BGP anomaly classification problem by developing a framework that uses deep learning as the core engine of an anomaly detection and classification mechanism. We built a model that exploits different neural network architectures advantages. Both novel features and the BGP anomaly detector and classifier were evaluated and it was demonstrated that they can be used to react to anomalies in real-time and leverage the deployment of different mitigation and coordination strategies to different anomaly classes in an autonomous fashion.The Border Gateway Protocol (BGP) is the default Internet routing protocol that manages connectivity among Autonomous Systems (ASes). Although BGP disruptions are rare when they occur the consequences can be very damaging. Consequently, there has been a considerable effort aimed at understanding what is normal and abnormal BGP traffic and, in so doing, enable potentially disruptive anomalous traffic to be identified quickly. Even though there is an extensive research on anomaly detection, there are two major gaps in current literature: the scarcity of public datasets for all types of events and the lack of a BGP anomaly classification framework that differentiates anomaly classes. Since that there are no public datasets of labeled BGP anomalous events, each model was validated using different datasets, which had to be individually generated for each approach. The absence of common groundwork dataset increases the difficulty in comparing different approaches. The lack of a classification framework hinders the deployment of specific mitigation measures to each anomaly class in an automated fashion. In the current work, we address both problems: 1) We provide a BGP dataset generation tool and publicly available datasets for different anomaly classes. These datasets contain the most used features by previous research efforts and additional novel features; 2) We address the BGP anomaly classification problem by developing a framework that uses deep learning as the core engine of an anomaly detection and classification mechanism. We built a model that exploits different neural network architectures advantages. Both novel features and the BGP anomaly detector and classifier were evaluated and it was demonstrated that they can be used to react to anomalies in real-time and leverage the deployment of different mitigation and coordination strategies to different anomaly classes in an autonomous fashion.Fundação de Amparo à Pesquisa do Estado do Amazonas - FAPEAMUniversidade Federal do AmazonasInstituto de ComputaçãoBrasilUFAMPrograma de Pós-graduação em InformáticaMota, Edjard Souzahttp://lattes.cnpq.br/0757666181169076Feitosa, Eduardo Luzeirohttp://lattes.cnpq.br/5939944067207881Carvalho, André Luiz da Costahttp://lattes.cnpq.br/4863447798119856Souza, Jose Neuman dehttp://lattes.cnpq.br/3614256141054800Fonseca, Paulo César da Rochahttp://lattes.cnpq.br/3639575844521754https://orcid.org/0000-0003-4641-60982020-03-04T20:03:43Z2019-11-18info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/doctoralThesisapplication/pdfFONSECA, Paulo César da Rocha. A deep learning framework for BGP anomaly detection and classification. 2019. 117 f. Tese (Doutorado em Informática) - Universidade Federal do Amazonas, Manaus, 2019.https://tede.ufam.edu.br/handle/tede/7700enghttp://creativecommons.org/licenses/by/4.0/info:eu-repo/semantics/openAccessreponame:Biblioteca Digital de Teses e Dissertações da UFAMinstname:Universidade Federal do Amazonas (UFAM)instacron:UFAM2020-03-05T05:03:55Zoai:https://tede.ufam.edu.br/handle/:tede/7700Biblioteca Digital de Teses e Dissertaçõeshttp://200.129.163.131:8080/PUBhttp://200.129.163.131:8080/oai/requestddbc@ufam.edu.br||ddbc@ufam.edu.bropendoar:65922020-03-05T05:03:55Biblioteca Digital de Teses e Dissertações da UFAM - Universidade Federal do Amazonas (UFAM)false |
| dc.title.none.fl_str_mv |
A deep learning framework for BGP anomaly detection and classification |
| title |
A deep learning framework for BGP anomaly detection and classification |
| spellingShingle |
A deep learning framework for BGP anomaly detection and classification Fonseca, Paulo César da Rocha Border Gateway Protocol Machine Learning Dataset generation Autonomous Systems Anomalias BGP CIÊNCIAS EXATAS E DA TERRA: CIÊNCIA DA COMPUTAÇÃO Border Gateway Protocol Anomaly detection Machine Learning Dataset generation Detecção de anomalias |
| title_short |
A deep learning framework for BGP anomaly detection and classification |
| title_full |
A deep learning framework for BGP anomaly detection and classification |
| title_fullStr |
A deep learning framework for BGP anomaly detection and classification |
| title_full_unstemmed |
A deep learning framework for BGP anomaly detection and classification |
| title_sort |
A deep learning framework for BGP anomaly detection and classification |
| author |
Fonseca, Paulo César da Rocha |
| author_facet |
Fonseca, Paulo César da Rocha http://lattes.cnpq.br/3639575844521754 https://orcid.org/0000-0003-4641-6098 |
| author_role |
author |
| author2 |
http://lattes.cnpq.br/3639575844521754 https://orcid.org/0000-0003-4641-6098 |
| author2_role |
author author |
| dc.contributor.none.fl_str_mv |
Mota, Edjard Souza http://lattes.cnpq.br/0757666181169076 Feitosa, Eduardo Luzeiro http://lattes.cnpq.br/5939944067207881 Carvalho, André Luiz da Costa http://lattes.cnpq.br/4863447798119856 Souza, Jose Neuman de http://lattes.cnpq.br/3614256141054800 |
| dc.contributor.author.fl_str_mv |
Fonseca, Paulo César da Rocha http://lattes.cnpq.br/3639575844521754 https://orcid.org/0000-0003-4641-6098 |
| dc.subject.por.fl_str_mv |
Border Gateway Protocol Machine Learning Dataset generation Autonomous Systems Anomalias BGP CIÊNCIAS EXATAS E DA TERRA: CIÊNCIA DA COMPUTAÇÃO Border Gateway Protocol Anomaly detection Machine Learning Dataset generation Detecção de anomalias |
| topic |
Border Gateway Protocol Machine Learning Dataset generation Autonomous Systems Anomalias BGP CIÊNCIAS EXATAS E DA TERRA: CIÊNCIA DA COMPUTAÇÃO Border Gateway Protocol Anomaly detection Machine Learning Dataset generation Detecção de anomalias |
| description |
The Border Gateway Protocol (BGP) is the default Internet routing protocol that manages connectivity among Autonomous Systems (ASes). Although BGP disruptions are rare when they occur the consequences can be very damaging. Consequently, there has been a considerable effort aimed at understanding what is normal and abnormal BGP traffic and, in so doing, enable potentially disruptive anomalous traffic to be identified quickly. Even though there is an extensive research on anomaly detection, there are two major gaps in current literature: the scarcity of public datasets for all types of events and the lack of a BGP anomaly classification framework that differentiates anomaly classes. Since that there are no public datasets of labeled BGP anomalous events, each model was validated using different datasets, which had to be individually generated for each approach. The absence of common groundwork dataset increases the difficulty in comparing different approaches. The lack of a classification framework hinders the deployment of specific mitigation measures to each anomaly class in an automated fashion. In the current work, we address both problems: 1) We provide a BGP dataset generation tool and publicly available datasets for different anomaly classes. These datasets contain the most used features by previous research efforts and additional novel features; 2) We address the BGP anomaly classification problem by developing a framework that uses deep learning as the core engine of an anomaly detection and classification mechanism. We built a model that exploits different neural network architectures advantages. Both novel features and the BGP anomaly detector and classifier were evaluated and it was demonstrated that they can be used to react to anomalies in real-time and leverage the deployment of different mitigation and coordination strategies to different anomaly classes in an autonomous fashion. |
| publishDate |
2019 |
| dc.date.none.fl_str_mv |
2019-11-18 2020-03-04T20:03:43Z |
| dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/doctoralThesis |
| format |
doctoralThesis |
| status_str |
publishedVersion |
| dc.identifier.uri.fl_str_mv |
FONSECA, Paulo César da Rocha. A deep learning framework for BGP anomaly detection and classification. 2019. 117 f. Tese (Doutorado em Informática) - Universidade Federal do Amazonas, Manaus, 2019. https://tede.ufam.edu.br/handle/tede/7700 |
| identifier_str_mv |
FONSECA, Paulo César da Rocha. A deep learning framework for BGP anomaly detection and classification. 2019. 117 f. Tese (Doutorado em Informática) - Universidade Federal do Amazonas, Manaus, 2019. |
| url |
https://tede.ufam.edu.br/handle/tede/7700 |
| dc.language.iso.fl_str_mv |
eng |
| language |
eng |
| dc.rights.driver.fl_str_mv |
http://creativecommons.org/licenses/by/4.0/ info:eu-repo/semantics/openAccess |
| rights_invalid_str_mv |
http://creativecommons.org/licenses/by/4.0/ |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
application/pdf |
| dc.publisher.none.fl_str_mv |
Universidade Federal do Amazonas Instituto de Computação Brasil UFAM Programa de Pós-graduação em Informática |
| publisher.none.fl_str_mv |
Universidade Federal do Amazonas Instituto de Computação Brasil UFAM Programa de Pós-graduação em Informática |
| dc.source.none.fl_str_mv |
reponame:Biblioteca Digital de Teses e Dissertações da UFAM instname:Universidade Federal do Amazonas (UFAM) instacron:UFAM |
| instname_str |
Universidade Federal do Amazonas (UFAM) |
| instacron_str |
UFAM |
| institution |
UFAM |
| reponame_str |
Biblioteca Digital de Teses e Dissertações da UFAM |
| collection |
Biblioteca Digital de Teses e Dissertações da UFAM |
| repository.name.fl_str_mv |
Biblioteca Digital de Teses e Dissertações da UFAM - Universidade Federal do Amazonas (UFAM) |
| repository.mail.fl_str_mv |
ddbc@ufam.edu.br||ddbc@ufam.edu.br |
| _version_ |
1797040504976703488 |