The Internet infrastructure relies on the Border Gateway Protocol (BGP) to provide essential routing information, and abnormal routing behavior impairs global Internet connectivity and stability. Hence, employing anomaly detection algorithms is important for improving the performance of the BGP routing protocol. In this paper, we propose two algorithms. The first is the guide feature generator (GFG), which generates guide features from traditional features in BGP time-series data using moving regression in combination with a smoothed moving average. The second is a modified random forest feature selection algorithm, which is employed to automatically select the most dominant features (ASMDF). Our mechanism shows that the detected anomalies are more realistic and that the selected features are generally consistent across time series. Experimental evaluations using multiple machine learning models reveal that the proposed algorithms achieve up to a 32.36% improvement in accuracy rate, up to a 35.44% reduction in false negative rate, and up to a 43.99% reduction in false positive rate compared to not using these algorithms. Moreover, the ASMDF option increases the feature selection speed more than 3 times compared to most existing feature selection algorithms.
HASHEM, MAHMOUD; BASHANDY, AHMED; and SHAHEEN, SAMIR, "Improving anomaly detection in BGP time-series data by new guide features and moderated feature selection algorithm," Turkish Journal of Electrical Engineering and Computer Sciences: Vol. 27: No. 1, Article 29.
Available at: https://journals.tubitak.gov.tr/elektrik/vol27/iss1/29