BGP Route Leak Detection Based On Graph Neural Network

As the core inter-domain routing protocol in the network,the security of the Border Gateway Protocol(BGP)is of great significance to the stability of the global Internet.However,due to the flaws in protocol design,abnormal BGP network events such as prefix hijacking,route leak,and AS path tampering occur from time to time.These anomalies have caused serious consequences such as routing black holes,man-in-the-middle(MITM)attacks,traffic eavesdropping,network shocks,and even large-scale Internet paralysis and service interruptions.This paper focuses on the anomaly detection of BGP route leaks.According to the nature of BGP network,this paper introduces the graph neural network(GNN)models to deal with the problem of route leak detection.It mainly studies the adaptability of existing classical GNN models to route leak detection,and compares the processing effects of machine learning models,trying to verify that GNN models have better detection ability.The main work includes the following three points:(1)In order to pay more attention to the network topology changes of BGP route leakage,after data collection and preprocessing,this paper discusses the graph structure representation of BGP route leak,and extracts two categories of graph features based on it,namely structural robustness features and centrality measures features.(2)This paper defines the route leak detection problem according to the data structure of GNN models,and uses the GCN,GraphSAGE and GAT model to learn the deep features of the autonomous-system-level network topology.It regards the BGP route leak detection as a binary classification problem,and uses the graph classification method for training and testing to judge whether the input network topology graph has the phenomenon of route leakage.(3)A routing leak detection system based on GNN is proposed,and some machine learning classification models are selected for comparative experiments.The evaluation indicators are accuracy and F1-score.The experimental results show that the effect of using GNN for classification is slightly better than the best effect of using the machine learning model,which proves the feasibility of using GNN model for BGP route leakage anomaly detection.