Through the Looking Glass: Classifying Anomalous BGP Communities

Abstract

The Border Gateway Protocol (BGP) community field is poorly defined and has no means of authentication. This BGP attribute has the power to reroute and black hole traffic across the internet. The BGP communities path attribute is normally prevalent and persistent. I hypothesize that the persistence and prevalence of the path attribute can be used to develop a BGP community anomaly detector. This anomaly detector will allow for the discovery and filtering of both malicious and misconfigured BGP community announcements. Future work could build upon the detection of an anomaly and define the anomaly. In addition, an anomaly detector can be used to limit the spread and power of anomalous BGP communities.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2020
Accession Number
AD1126678

Entities

People

  • Josh Welch

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Autonomy
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Anomaly Detection
  • Black Holes
  • California
  • Change Detection
  • Classification
  • Computer Communications
  • Computer Networks
  • Computer Science
  • Data Sets
  • Denial Of Service Attack
  • Detection
  • Detectors
  • Engineering
  • Information Science
  • Machine Learning
  • Network Protocols
  • Network Science
  • Routing Protocols
  • Transport Protocols
  • Unsupervised Machine Learning

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Theoretical Analysis.