BGP anomaly detection as a group dynamics problem

IF 4.4 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks Pub Date : 2024-11-23 DOI:10.1016/j.comnet.2024.110926

Ben A. Scott , Michael N. Johnstone , Patryk Szewczyk , Steven Richardson

{"title":"BGP anomaly detection as a group dynamics problem","authors":"Ben A. Scott , Michael N. Johnstone , Patryk Szewczyk , Steven Richardson","doi":"10.1016/j.comnet.2024.110926","DOIUrl":null,"url":null,"abstract":"<div><div>Understanding group information and collective behaviors is an ongoing area of research, encompassing natural phenomena and human dynamics. Quantifying interactions and interdependencies at the group level can be valuable for understanding complex and dynamical systems. The Border Gateway Protocol (BGP), the default inter-domain routing protocol for the Internet, operates within a large, complex, and dynamic system vulnerable to security threats. Traditional BGP anomaly detection focuses on single observables from individual Autonomous Systems (ASes), which inadequately addresses the multidimensional, multi-viewpoint nature of the Internet and interdomain routing. This paper introduces a novel approach for quantifying group AS-level information and dynamics. We present the first ever application of Multidimensional Recurrence Quantification Analysis (MdRQA) to any computer system, offering a robust BGP anomaly detection technique that identifies anomalies earlier than traditional single-AS observable methods. This research marks a significant advancement in BGP anomaly detection, treating it as a group dynamics problem within the Internet’s complex and distributed system.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"257 ","pages":"Article 110926"},"PeriodicalIF":4.4000,"publicationDate":"2024-11-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128624007588","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Understanding group information and collective behaviors is an ongoing area of research, encompassing natural phenomena and human dynamics. Quantifying interactions and interdependencies at the group level can be valuable for understanding complex and dynamical systems. The Border Gateway Protocol (BGP), the default inter-domain routing protocol for the Internet, operates within a large, complex, and dynamic system vulnerable to security threats. Traditional BGP anomaly detection focuses on single observables from individual Autonomous Systems (ASes), which inadequately addresses the multidimensional, multi-viewpoint nature of the Internet and interdomain routing. This paper introduces a novel approach for quantifying group AS-level information and dynamics. We present the first ever application of Multidimensional Recurrence Quantification Analysis (MdRQA) to any computer system, offering a robust BGP anomaly detection technique that identifies anomalies earlier than traditional single-AS observable methods. This research marks a significant advancement in BGP anomaly detection, treating it as a group dynamics problem within the Internet’s complex and distributed system.

查看原文本刊更多论文

作为组动力学问题的BGP异常检测

理解群体信息和集体行为是一个正在进行的研究领域，包括自然现象和人类动力学。量化群体层面的相互作用和相互依赖关系对于理解复杂的动态系统是有价值的。边界网关协议BGP （Border Gateway Protocol）是Internet默认的域间路由协议，它运行在一个大型、复杂、动态的系统中，容易受到安全威胁。传统的BGP异常检测侧重于单个自治系统（as）的单个可观察对象，这不足以解决互联网和域间路由的多维、多视点特性。本文介绍了一种量化集团as级信息和动态的新方法。我们首次将多维递归量化分析（MdRQA）应用于任何计算机系统，提供了一种鲁棒的BGP异常检测技术，该技术比传统的单as可观察方法更早地识别异常。本研究在BGP异常检测方面取得了重大进展，将其视为互联网复杂分布式系统中的群动力学问题。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Networks 工程技术-电信学

CiteScore

10.80

自引率

3.60%

发文量

434

审稿时长

8.6 months

期刊介绍： Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.