Inferring the confidence level of BGP-based distributed intrusion detection systems alarms

IF 1.8 4区计算机科学 Q3 TELECOMMUNICATIONS

Annals of Telecommunications Pub Date : 2024-06-18 DOI:10.1007/s12243-024-01045-1

Renato S. Silva, Felipe M. F. de Assis, Evandro L. C. Macedo, Luís Felipe M. de Moraes

{"title":"Inferring the confidence level of BGP-based distributed intrusion detection systems alarms","authors":"Renato S. Silva, Felipe M. F. de Assis, Evandro L. C. Macedo, Luís Felipe M. de Moraes","doi":"10.1007/s12243-024-01045-1","DOIUrl":null,"url":null,"abstract":"Border Gateway Protocol (BGP) is increasingly becoming a multipurpose protocol. However, it keeps suffering from security issues such as bogus announcements for malicious goals. Some of these security breaches are especially critical for distributed intrusion detection systems that use BGP as the underlay network for interchanging alarms. In this sense, assessing the confidence level of detection alarms transported via BGP messages is critical to prevent internal attacks. Most of the proposals addressing the confidence level of detection alarms rely on complex and time-consuming mechanisms that can also be a potential target for further attacks. In this paper, we propose an out-of-band system based on machine learning to infer the confidence level of BGP messages, using just the mandatory fields of the header. Tests using two different data sets, (i) from the indirect effects of a widespread worm attack and (ii) using up-to-date data from the IPTraf Project, show promising results, considering well-known performance metrics, such as recall, accuracy, receiver operating characteristics (ROC), and f1-score.","PeriodicalId":50761,"journal":{"name":"Annals of Telecommunications","volume":null,"pages":null},"PeriodicalIF":1.8000,"publicationDate":"2024-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Annals of Telecommunications","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s12243-024-01045-1","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

Border Gateway Protocol (BGP) is increasingly becoming a multipurpose protocol. However, it keeps suffering from security issues such as bogus announcements for malicious goals. Some of these security breaches are especially critical for distributed intrusion detection systems that use BGP as the underlay network for interchanging alarms. In this sense, assessing the confidence level of detection alarms transported via BGP messages is critical to prevent internal attacks. Most of the proposals addressing the confidence level of detection alarms rely on complex and time-consuming mechanisms that can also be a potential target for further attacks. In this paper, we propose an out-of-band system based on machine learning to infer the confidence level of BGP messages, using just the mandatory fields of the header. Tests using two different data sets, (i) from the indirect effects of a widespread worm attack and (ii) using up-to-date data from the IPTraf Project, show promising results, considering well-known performance metrics, such as recall, accuracy, receiver operating characteristics (ROC), and f1-score.

Abstract Image

查看原文本刊更多论文

推断基于 BGP 的分布式入侵检测系统警报的置信度

边界网关协议（BGP）正日益成为一种多用途协议。然而，它却一直受到安全问题的困扰，例如为恶意目的而发布的假公告。其中一些安全漏洞对于使用 BGP 作为交换警报的底层网络的分布式入侵检测系统尤为重要。从这个意义上说，评估通过 BGP 消息传输的检测警报的可信度对于防止内部攻击至关重要。大多数解决检测警报可信度问题的建议都依赖于复杂耗时的机制，这也可能成为进一步攻击的潜在目标。在本文中，我们提出了一种基于机器学习的带外系统，仅使用报文头的必填字段就能推断出 BGP 报文的置信度。测试使用了两个不同的数据集：(i) 来自大范围蠕虫攻击的间接影响；(ii) 来自 IPTraf 项目的最新数据，考虑到召回率、准确率、接收器操作特性 (ROC) 和 f1 分数等众所周知的性能指标，测试结果令人欣喜。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Annals of Telecommunications 工程技术-电信学

CiteScore

5.20

自引率

5.30%

发文量

审稿时长

4.5 months

期刊介绍： Annals of Telecommunications is an international journal publishing original peer-reviewed papers in the field of telecommunications. It covers all the essential branches of modern telecommunications, ranging from digital communications to communication networks and the internet, to software, protocols and services, uses and economics. This large spectrum of topics accounts for the rapid convergence through telecommunications of the underlying technologies in computers, communications, content management towards the emergence of the information and knowledge society. As a consequence, the Journal provides a medium for exchanging research results and technological achievements accomplished by the European and international scientific community from academia and industry.

文献相关原料

公司名称	产品信息	采购帮参考价格