Scott Ben A, Johnstone Michael N, Szewczyk Patryk
School of Science, Edith Cowan University, Perth, WA 6027, Australia.
School of Science, Engineering & Technology, RMIT University, Ho Chi Minh City 700000, Vietnam.
Sensors (Basel). 2024 Oct 3;24(19):6414. doi: 10.3390/s24196414.
The Internet's default inter-domain routing system, the Border Gateway Protocol (BGP), remains insecure. Detection techniques are dominated by approaches that involve large numbers of features, parameters, domain-specific tuning, and training, often contributing to an unacceptable computational cost. Efforts to detect anomalous activity in the BGP have been almost exclusively focused on single observable monitoring points and Autonomous Systems (ASs). BGP attacks can exploit and evade these limitations. In this paper, we review and evaluate categories of BGP attacks based on their complexity. Previously identified next-generation BGP detection techniques remain incapable of detecting advanced attacks that exploit single observable detection approaches and those designed to evade public routing monitor infrastructures. Advanced BGP attack detection requires lightweight, rapid capabilities with the capacity to quantify group-level multi-viewpoint interactions, dynamics, and information. We term this approach advanced BGP anomaly detection. This survey evaluates 178 anomaly detection techniques and identifies which are candidates for advanced attack anomaly detection. Preliminary findings from an exploratory investigation of advanced BGP attack candidates are also reported.
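The abstract's central point, that a detector watching one route collector can miss an event another collector sees plainly, can be made concrete with a small origin-consistency check run over records from several vantage points. The following is an added illustration, not code from the paper or its authors: the collector names, AS numbers, prefixes, the record layout and the "known-good" baseline are all constructed. In practice the baseline would come from a stable prior window, RPKI ROAs or IRR data, and the records from a public feed such as RouteViews or RIPE RIS.

```python
"""Multi-viewpoint origin-consistency check over BGP update records.

Added illustration for the abstract above, not code from the paper or its
authors. Collector names, AS numbers, prefixes and the baseline are
constructed for the example.
"""
from collections import defaultdict
from ipaddress import ip_network

# Constructed known-good state: prefix -> set of legitimate origin ASes.
BASELINE = {
    "203.0.113.0/24": {64500},
    "198.51.100.0/24": {64501},
}

# Constructed records: (collector, prefix, AS_PATH); the origin is the last AS.
# Only rrc03 and rrc10 see AS 64666 originating 203.0.113.0/24 (a MOAS
# conflict), and only rrc10 sees the more-specific /25 from AS 64666. A
# monitor that watches rrc00 alone sees nothing unusual.
SAMPLE_UPDATES = [
    ("rrc00", "203.0.113.0/24",   [64510, 64500]),
    ("rrc00", "198.51.100.0/24",  [64510, 64501]),
    ("rrc03", "203.0.113.0/24",   [64520, 64500]),
    ("rrc03", "203.0.113.0/24",   [64520, 64666]),
    ("rrc03", "198.51.100.0/24",  [64520, 64501]),
    ("rrc10", "203.0.113.0/24",   [64530, 64666]),
    ("rrc10", "203.0.113.128/25", [64530, 64666]),
    ("rrc10", "198.51.100.0/24",  [64530, 64501]),
]


def origin_as(as_path):
    """Rightmost AS of the path. Real paths may end in an AS_SET; a
    production checker would handle that case separately."""
    return as_path[-1]


def covering_prefixes(prefix, baseline):
    """Baseline prefixes that contain `prefix` (same address family only)."""
    net = ip_network(prefix)
    return [p for p in baseline
            if ip_network(p).version == net.version and net.subnet_of(ip_network(p))]


def detect(updates, baseline, collector=None):
    """Flag (prefix, origin) pairs that contradict the baseline.

    Returns {(prefix, origin): (kind, sorted collectors that saw it)} where
    kind is "moas" for an unexpected origin of a baseline prefix and
    "more_specific" for a non-baseline sub-prefix whose origin is foreign to
    every covering baseline prefix. With `collector` set, only that
    collector's records are used: the single-viewpoint case.
    """
    witnesses = defaultdict(set)
    for coll, prefix, path in updates:
        if collector is None or coll == collector:
            witnesses[(prefix, origin_as(path))].add(coll)

    anomalies = {}
    for (prefix, origin), colls in witnesses.items():
        if prefix in baseline:
            if origin not in baseline[prefix]:
                anomalies[(prefix, origin)] = ("moas", sorted(colls))
        else:
            covers = covering_prefixes(prefix, baseline)
            if covers and all(origin not in baseline[c] for c in covers):
                anomalies[(prefix, origin)] = ("more_specific", sorted(colls))
    return anomalies


def blind_collectors(updates, anomalies):
    """For each anomaly, the collectors in the feed that never observed it,
    i.e. the vantage points from which the event is invisible."""
    all_colls = {coll for coll, _, _ in updates}
    return {key: sorted(all_colls - set(colls)) for key, (_, colls) in anomalies.items()}


if __name__ == "__main__":
    print("rrc00 alone:", detect(SAMPLE_UPDATES, BASELINE, collector="rrc00"))
    pooled = detect(SAMPLE_UPDATES, BASELINE)
    blind = blind_collectors(SAMPLE_UPDATES, pooled)
    for key, (kind, colls) in pooled.items():
        print(key, kind, "seen at", colls, "invisible at", blind[key])
```

Run stand-alone, the single-collector call for rrc00 returns no anomalies while the pooled view reports both the MOAS conflict and the more-specific announcement, together with the collectors that would have missed each. Comparing against a baseline is one simple way to define "anomalous"; the paper surveys many others, and this block is meant only to show why the collector set, not just the feature set, determines what a detector can see.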