Temporal Representations for Detecting BGP Blackjack Attacks

Even though BGP blackholes are used to mitigate denial of service attacks, they also represent a major cybersecurity challenge to organizations. These challenges include abuse of route selection algorithms, lack of host verification, and maliciously triggering a blackhole, i.e. BGP blackjack. This research presents a supervised machine learning based approach for blackjack detection. We employ Naive Bayes and Decision Tree classifiers with three different temporal representations: (i) packets with/without timestamps; (ii) buffer of packets with/without timestamps; and (iii) overlapping / non-overlapping buffer of packets with/without timestamps. Our goal is to understand the effect of temporal data and context in the detection of blackjack attacks. Furthermore, we explore the most suitable attributes and solution complexity. Evaluations show that using overlapping buffer data with timestamps achieves the highest accuracy/recall using five of the seven BGP attributes. We also observe that high performance is not correlated with complex solutions.