An anomaly detection framework for BGP

Abnormal events such as large scale power outages, misconfigurations, and worm attacks can affect the global routing infrastructure and consequently create regional or global Internet service interruptions. As a result, early detection of abnormal events is of critical importance. In this study we present a framework based on data mining algorithms that are applied to anomaly detection on global routing infrastructure. To show the applicability of our framework, we conduct extensive experiments with a variety of abnormal events and classification algorithms. Our results demonstrate that when we train our system with abnormal events including worm attacks, power supply outages, submarine cable cuts, and misconfigurations, we can detect a similar type of event as it happens.