Abnormal Flow Detection Of BGP Based On SVM

With the rapid development of the information technologies, Internet has become an important part of society infrastructure. However, Border Gateway Protocol (BGP) which is the defacto standard inter-domain routing protocol in the Internet today, has severe problems, such as worm viruses, DoS attacks and lack of security mechanisms etc. To ensure the stability and security of the inter-domain routing system in the autonomy system, the abnormal flow detection of BGP based on SVM is mainly researched in this paper. Experiment results show that SVM algorithm is promising. The paper is divided into two areas:1. The research of SVM algorithm based on feature selection. BGP abnormal data has the feature of small samples, so SVM algorithm is introduced to detect the abnormal flow of BGP. In addition, BGP data is high-dimensional. It adversely affects the storage space and speed identification of the computer. To lower the feature space dimension, reduce the measure and storage requirements, SVM algorithm based on feature selection is introduced. The feature selection process is embedded inside SVM and the feature selection process and the learning process are naturally united. By sorting the weight of the features, feature selection method is introduced to achieve better results, thereby enhance predictable performance.2. The processing of non-equilibrium distribution of BGP data. The two types of samples are of non-equilibrium in the distribution in BGP data. In the training process of SVM, the impact on the the composition of the decision-making hyperplane of two types of samples is different. It leads to deviations of the ultimate decision-making function which reduces the ability of classification, so Under-sampling algorithm is introduced to preprocess the training data of BGP. It combines with SVM learning process. The adverse effects are eliminated by changing the distribution of training set samples.BGP data experiment results show that SVM algorithm is feasible and effective in detecting BGP abnormal flow. To maintain high GM, feature selection method can be used to descend dimension of BGP data. By introducing Under-sampling algorithm, it has a better classification result and it can also maintain a relatively high detection accuracy.