GonoGo - Assessing the Confidence Level of Distribute Intrusion Detection Systems Alarms Based on BGP

IF 4.7 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Transactions on Network and Service Management Pub Date : 2024-09-26 DOI:10.1109/TNSM.2024.3468907

Renato S. Silva;Luís M. Felipe de Moraes

{"title":"GonoGo - Assessing the Confidence Level of Distribute Intrusion Detection Systems Alarms Based on BGP","authors":"Renato S. Silva;Luís M. Felipe de Moraes","doi":"10.1109/TNSM.2024.3468907","DOIUrl":null,"url":null,"abstract":"Although Border Gateway Protocol – BGP is increasingly becoming a multi-purpose protocol, it suffers from security issues regarding bogus announcements for malicious goals. Some of these security breaches are particularly critical for distributed intrusion detection systems that use BGP as their underlay network for interchanging alarms. In this case, assessing the confidence level of these BGP messages helps to prevent internal attacks. Most of the proposals addressing the confidence level of BGP messages rely on complex and time-consuming mechanisms that can also be a potential target for intelligent attacks. In this paper, we propose Gonogo as an out-of-band system based on machine learning to infer the confidence level of the intrusion alarms using just the mandatory header of each BGP message that transports them. Tests using a synthetic data set reflecting the indirect effects of a widespread worm attack over the BGP network show promising results, considering well-known performance metrics, such as recall, accuracy, receiver operating characteristics (ROC), and f1-score.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"22 1","pages":"209-219"},"PeriodicalIF":4.7000,"publicationDate":"2024-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Network and Service Management","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10695796/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Although Border Gateway Protocol – BGP is increasingly becoming a multi-purpose protocol, it suffers from security issues regarding bogus announcements for malicious goals. Some of these security breaches are particularly critical for distributed intrusion detection systems that use BGP as their underlay network for interchanging alarms. In this case, assessing the confidence level of these BGP messages helps to prevent internal attacks. Most of the proposals addressing the confidence level of BGP messages rely on complex and time-consuming mechanisms that can also be a potential target for intelligent attacks. In this paper, we propose Gonogo as an out-of-band system based on machine learning to infer the confidence level of the intrusion alarms using just the mandatory header of each BGP message that transports them. Tests using a synthetic data set reflecting the indirect effects of a widespread worm attack over the BGP network show promising results, considering well-known performance metrics, such as recall, accuracy, receiver operating characteristics (ROC), and f1-score.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Network and Service Management Computer Science-Computer Networks and Communications

CiteScore

9.30

自引率

15.10%

发文量

325

期刊介绍： IEEE Transactions on Network and Service Management will publish (online only) peerreviewed archival quality papers that advance the state-of-the-art and practical applications of network and service management. Theoretical research contributions (presenting new concepts and techniques) and applied contributions (reporting on experiences and experiments with actual systems) will be encouraged. These transactions will focus on the key technical issues related to: Management Models, Architectures and Frameworks; Service Provisioning, Reliability and Quality Assurance; Management Functions; Enabling Technologies; Information and Communication Models; Policies; Applications and Case Studies; Emerging Technologies and Standards.