Modelling BGP Updates for Anomaly Detection using Machine Learning
Keywords: Border Gateway Protocol, Cybersecurity
This paper outlines the problem of detecting and visualising Border Gateway Protocol (BGP) update anomalies in real time. Detecting and visualising these anomalies in real time matters because it can help prevent impacts such as denial of service, service slowdown, or loss of revenue that result from accidental or malicious BGP updates. This project solves this problem by creating a program that can visualise router topology and detect BGP anomalies in real time. Access to historical and live BGP traffic was required; it was sourced from the University of Oregon Route Views Project, RIS Route Collectors, and RIS Live. The output of this project is a system that can detect and visualise anomalous BGP updates, allowing network teams to minimise the effect of such anomalies.