Using BGP Features Towards Identifying Type of BGP Anomaly

Abstract

Unregular events such as large-scale power outages and routing table leaks (RTL) can negatively affect the global routing stability and interrupt Internet services. The Border Gateway Protocol (BGP) is the de-facto Internet routing protocol responsible for managing connectivity between Autonomous Systems (ASes). Detecting BGP anomalies enables network operators to protect their network and helps to improve Internet reliability. This paper suggests using different feature selection algorithms to find out the most effective BGP features then use these features to identify types of anomalies. Out of 55 extracted BGP features, we find out that 9 BGP features indicate identifying RTL and link failure. BGP features related to volumes such as total number of announcements per prefix, number of IPV4 announcements, and implicit withdrawal represent a key to identify RTL. In contrast, BGP features related to Origin change and AS-PATH, such as announcement to the longer path and Edit distance, represent a key to identify link failure.