LeakFocus: Catching the perpetrator in routing leak event

Abstract

Route leaks pose a significant threat to the Internet, yet traditional machine learning-based detection models often fail to accurately identify the responsible AS, hindering timely alerting. To address this, we introduce LeakFocus, a novel framework that precisely identifies routing leak perpetrators. By analyzing the impact of route leaks on neighboring ASes, we establish a correlation between the severity of impact and proximity to the perpetrator. Leveraging this insight, we collected and optimized a large ground truth dataset using BGPmon and custom filters, significantly enhancing detection accuracy. An IQR-based (interquartile range) feature filtering approach was then employed to select ten key features that effectively differentiate legitimate from illegitimate valley paths. LeakFocus integrates temporal convolutional neural networks (TCNs) and node feature aggregation algorithms for routing leak detection and perpetrator localization. Experimental results show that LeakFocus improves detection precision by over 16% and reduces false positive rates by more than 34% compared to state-of-the-art models. Furthermore, LeakFocus provides network operators with a probabilistic list of likely violators, speeding up response times. This framework offers significant practical value, facilitating faster localization and mitigation of routing leaks, and represents a notable advancement in managing the harmful effects of route leakage.