Yutao Dong, Qing Li, R. Sinnott, Yong Jiang, Shutao Xia
{"title":"基于弱监督学习的ISP自运行BGP异常检测","authors":"Yutao Dong, Qing Li, R. Sinnott, Yong Jiang, Shutao Xia","doi":"10.1109/ICNP52444.2021.9651957","DOIUrl":null,"url":null,"abstract":"The Border Gateway Protocol (BGP) is arguably the most important and irreplaceable protocol in the network. However, the lack of routing authentication and validation makes it vulnerable to attacks, including routing leaks, route hijacking, prefix hijacking, etc. Therefore, in this paper we propose a generalized framework for ISP self-operated BGP anomaly detection based on weakly supervised learning. To tackle the problem of insufficient data in BGP anomaly detection, we propose an approach to learn from the other anomaly detection systems through knowledge distillation. To reduce the impact of inaccurate supervision, we design a self-attention-based Long Short-Term Memory (LSTM) model to self-adaptively mine the differences between BGP anomaly categories, including both feature and time dimensions. Finally, we implement a system and demonstrate the performance through a set of comprehensive experiments. Compared with the state-of-the-art schemes, our scheme has better generalization on various anomaly types.","PeriodicalId":343813,"journal":{"name":"2021 IEEE 29th International Conference on Network Protocols (ICNP)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"ISP Self-Operated BGP Anomaly Detection Based on Weakly Supervised Learning\",\"authors\":\"Yutao Dong, Qing Li, R. Sinnott, Yong Jiang, Shutao Xia\",\"doi\":\"10.1109/ICNP52444.2021.9651957\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Border Gateway Protocol (BGP) is arguably the most important and irreplaceable protocol in the network. However, the lack of routing authentication and validation makes it vulnerable to attacks, including routing leaks, route hijacking, prefix hijacking, etc. Therefore, in this paper we propose a generalized framework for ISP self-operated BGP anomaly detection based on weakly supervised learning. To tackle the problem of insufficient data in BGP anomaly detection, we propose an approach to learn from the other anomaly detection systems through knowledge distillation. To reduce the impact of inaccurate supervision, we design a self-attention-based Long Short-Term Memory (LSTM) model to self-adaptively mine the differences between BGP anomaly categories, including both feature and time dimensions. Finally, we implement a system and demonstrate the performance through a set of comprehensive experiments. Compared with the state-of-the-art schemes, our scheme has better generalization on various anomaly types.\",\"PeriodicalId\":343813,\"journal\":{\"name\":\"2021 IEEE 29th International Conference on Network Protocols (ICNP)\",\"volume\":\"6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE 29th International Conference on Network Protocols (ICNP)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICNP52444.2021.9651957\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE 29th International Conference on Network Protocols (ICNP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICNP52444.2021.9651957","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
ISP Self-Operated BGP Anomaly Detection Based on Weakly Supervised Learning
The Border Gateway Protocol (BGP) is arguably the most important and irreplaceable protocol in the network. However, the lack of routing authentication and validation makes it vulnerable to attacks, including routing leaks, route hijacking, prefix hijacking, etc. Therefore, in this paper we propose a generalized framework for ISP self-operated BGP anomaly detection based on weakly supervised learning. To tackle the problem of insufficient data in BGP anomaly detection, we propose an approach to learn from the other anomaly detection systems through knowledge distillation. To reduce the impact of inaccurate supervision, we design a self-attention-based Long Short-Term Memory (LSTM) model to self-adaptively mine the differences between BGP anomaly categories, including both feature and time dimensions. Finally, we implement a system and demonstrate the performance through a set of comprehensive experiments. Compared with the state-of-the-art schemes, our scheme has better generalization on various anomaly types.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
