Inferring the confidence level of BGP-based distributed intrusion detection systems alarms

IF 1.8 | Zone 4, Computer Science | Q3 TELECOMMUNICATIONS | Annals of Telecommunications | Pub Date: 2024-06-18 | DOI: 10.1007/s12243-024-01045-1
Renato S. Silva, Felipe M. F. de Assis, Evandro L. C. Macedo, Luís Felipe M. de Moraes
Citations: 0

Abstract

Border Gateway Protocol (BGP) is increasingly becoming a multipurpose protocol. However, it keeps suffering from security issues such as bogus announcements for malicious goals. Some of these security breaches are especially critical for distributed intrusion detection systems that use BGP as the underlay network for interchanging alarms. In this sense, assessing the confidence level of detection alarms transported via BGP messages is critical to prevent internal attacks. Most of the proposals addressing the confidence level of detection alarms rely on complex and time-consuming mechanisms that can also be a potential target for further attacks. In this paper, we propose an out-of-band system based on machine learning to infer the confidence level of BGP messages, using just the mandatory fields of the header. Tests using two different data sets, (i) from the indirect effects of a widespread worm attack and (ii) using up-to-date data from the IPTraf Project, show promising results, considering well-known performance metrics, such as recall, accuracy, receiver operating characteristics (ROC), and f1-score.

Source journal: Annals of Telecommunications (Engineering & Technology - Telecommunications)
CiteScore: 5.20
Self-citation rate: 5.30%
Articles published: 37
Review time: 4.5 months
Journal description: Annals of Telecommunications is an international journal publishing original peer-reviewed papers in the field of telecommunications. It covers all the essential branches of modern telecommunications, ranging from digital communications to communication networks and the internet, to software, protocols and services, uses and economics. This large spectrum of topics reflects the rapid convergence, through telecommunications, of the underlying technologies in computers, communications and content management towards the emergence of the information and knowledge society. As a consequence, the Journal provides a medium for exchanging research results and technological achievements accomplished by the European and international scientific community from academia and industry.