Performance evaluation of BGP anomaly classifiers

Marijana Cosovic, Slobodan Obradovic, Ljiljana Trajkovic
2015 2015 Third International Conference on Digital Information, Networking, and Wireless Communications (DINWC)  
Changes in the network topology such as large-scale power outages or Internet worm attacks are events that may induce routing information updates. Border Gateway Protocol (BGP) is used by Autonomous Systems (ASes) to address these changes. Network reachability information, contained in BGP update messages, is stored in the Routing Information Base (RIB). Recent BGP anomaly detection systems employ machine learning techniques to mine network data. In this paper, we evaluated performance of several machine learning algorithms for detecting Internet anomalies using RIB. Naive Bayes (NB), Support Vector Machine (SVM), and Decision Tree (J48) classifiers are employed to detect network traffic anomalies. We evaluated feature discretization and feature selection using three data sets of known Internet anomalies.
doi:10.1109/dinwc.2015.7054228 fatcat:6qiub7ytujborapfqgpnbt7upu