Machine learning models for classification of BGP anomalies

Worms such as Slammer, Nimda, and Code Red I are anomalies that affect performance of the global Internet Border Gateway Protocol (BGP). BGP anomalies also include Internet Protocol (IP) prefix hijacks, miss-configurations, and electrical failures. Statistical and machine learning techniques have been recently deployed to classify and detect BGP anomalies. In this paper, we introduce new classification features and apply Support Vector Machine (SVM) models and Hidden Markov Models (HMMs) to design anomaly detection mechanisms. We apply these multi classification models to correctly classify test datasets and identify the correct anomaly types. The proposed models are tested with collected BGP traffic traces and are employed to successfully classify and detect various BGP anomalies.