Comparison of machine learning models for classification of BGP anomalies

Resource type
Thesis type
(Thesis) M.A.Sc.
Date created
Worms such as Slammer, Nimda, and Code Red~I are anomalies that affect performance of the global Internet Border Gateway Protocol (BGP). BGP anomalies also include Internet Protocol (IP) prefix hijacks, miss-configurations, and electrical failures. In this Thesis, we analyzed the feature selection process to choose the most correlated features for an anomaly class. We compare the Fisher, minimum redundancy maximum relevance (mRMR), odds ratio (OR), extended/multi-class/weighted odds ratio (EOR/MOR/WOR), and class discriminating measure (CDM) feature selection algorithms. We extend the odds ratio algorithms to use both continuous and discrete features. We also introduce new classification features and apply Support Vector Machine (SVM) models, Hidden Markov Models (HMMs), and Naive Bayes (NB) models to design anomaly detection algorithms. We apply multi classification models to correctly classify test datasets and identify the correct anomaly types. The proposed models are tested with collected BGP traffic traces from RIPE and BCNET and are employed to successfully classify and detect various BGP anomalies.
Copyright statement
Copyright is held by the author.
The author granted permission for the file to be printed and for the text to be copied and pasted.
Scholarly level
Supervisor or Senior Supervisor
Thesis advisor: Trajkovic, Ljiljana
Member of collection
Attachment Size
etd7490--NAl-Rousan.pdf 4.59 MB