Selection of Effective Features for BGP Anomaly Detection

Border Gateway Protocol (BGP) is the internet's default protocol for managing connectivity between Autonomous Systems (AS). Anomalies happen to occur time to time and it is a threat to cyber security. There are various types of BGP anomalies and over the years researches have been done for their detection. Here machine learning techniques are used for detection of BGP anomaly from BGP update messages by considering the problem as a two class classification problem. A set of 35 features are extracted from BGP update messages for Slammer, Nimda and Code Red I attacks. The main objective of this study is to find out important features for detection of BGP anomaly. Popular feature selection algorithms, wrapper as well as several filter based algorithms are used for feature ranking. It is found that at most top 10 features are sufficient for the best classification accuracy which is verified by several classifiers.