Machine learning for detecting ransomware attacks using BGP routing records

Analyzing and detecting Border Gateway Protocol (BGP) anomalies caused by evolving ransomware cyber attacks are topics of great interest in cyber security. Various anomaly detection approaches such as time series and historical-based analysis, statistical validation, reachability checks, and supervised machine learning have been applied to collected datasets. Supervised and semi-supervised machine learning techniques rely on label and unlabeled data that contain regular and anomalous events. They are publicly available from BGP collection sites such as Réseaux IP Européens (RIPE) and Route Views.