MS-LSTM: a Multi-Scale LSTM Model for BGP Anomaly Detection

Min Cheng; Qian Xu; Jianming Lv; Wenyin Liu; Qing Li; Jianping Wang

doi:10.1109/ICNP.2016.7785326

MS-LSTM: a Multi-Scale LSTM Model for BGP Anomaly Detection

Min Cheng, Qian Xu, Jianming Lv, Wenyin Liu^*, Qing Li^*, Jianping Wang

^*Corresponding author for this work

Department of Computer Science

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

91 Citations (Scopus)

Abstract

Detecting anomalous Border Gateway Protocol (BGP) traffic is significantly important in improving both security and robustness of the Internet. Existing solutions apply classic classifiers to make real-time decision based on the traffic features of present moment. However, due to the frequently happening burst and noise in dynamic Internet traffic, the decision based on short-term features is not reliable. To address this problem, we propose MS-LSTM, a multi-scale Long Short-Term Memory (LSTM) model to consider the Internet flow as a multi-dimensional time sequence and learn the traffic pattern from historical features in a sliding time window. In addition, we find that adopting different time scale to preprocess the traffic flow has great impact on the performance of all classifiers. In this paper, comprehensive experiments are conducted and the results show that a proper time scale can improve about 10% accuracy of LSTM as well as all conventional machine learning methods. Particularly, MS-LSTM with optimal time scale 8 can achieve 99.5% accuracy in the best case.

Original language	English
Title of host publication	2016 IEEE 24th International Conference on Network Protocols (ICNP)
Publisher	IEEE
ISBN (Electronic)	9781509032808
ISBN (Print)	9781509032815
DOIs	https://doi.org/10.1109/ICNP.2016.7785326
Publication status	Published - Nov 2016
Event	24th IEEE International Conference on Network Protocols (ICNP 2016) - Singapore, Singapore Duration: 8 Nov 2016 → 11 Nov 2016

Publication series

Name
ISSN (Print)	1092-1648

Conference

Conference	24th IEEE International Conference on Network Protocols (ICNP 2016)
Place	Singapore
City	Singapore
Period	8/11/16 → 11/11/16

Access Output

10.1109/ICNP.2016.7785326

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@inproceedings{b524041ca81646f699b2bf14a03a8a22,

title = "MS-LSTM: a Multi-Scale LSTM Model for BGP Anomaly Detection",

abstract = "Detecting anomalous Border Gateway Protocol (BGP) traffic is significantly important in improving both security and robustness of the Internet. Existing solutions apply classic classifiers to make real-time decision based on the traffic features of present moment. However, due to the frequently happening burst and noise in dynamic Internet traffic, the decision based on short-term features is not reliable. To address this problem, we propose MS-LSTM, a multi-scale Long Short-Term Memory (LSTM) model to consider the Internet flow as a multi-dimensional time sequence and learn the traffic pattern from historical features in a sliding time window. In addition, we find that adopting different time scale to preprocess the traffic flow has great impact on the performance of all classifiers. In this paper, comprehensive experiments are conducted and the results show that a proper time scale can improve about 10% accuracy of LSTM as well as all conventional machine learning methods. Particularly, MS-LSTM with optimal time scale 8 can achieve 99.5% accuracy in the best case.",

author = "Min Cheng and Qian Xu and Jianming Lv and Wenyin Liu and Qing Li and Jianping Wang",

year = "2016",

month = nov,

doi = "10.1109/ICNP.2016.7785326",

language = "English",

isbn = "9781509032815",

publisher = "IEEE",

booktitle = "2016 IEEE 24th International Conference on Network Protocols (ICNP)",

address = "United States",

note = "24th IEEE International Conference on Network Protocols (ICNP 2016) ; Conference date: 08-11-2016 Through 11-11-2016",

}

TY - GEN

T1 - MS-LSTM

T2 - 24th IEEE International Conference on Network Protocols (ICNP 2016)

AU - Cheng, Min

AU - Xu, Qian

AU - Lv, Jianming

AU - Liu, Wenyin

AU - Li, Qing

AU - Wang, Jianping

PY - 2016/11

Y1 - 2016/11

N2 - Detecting anomalous Border Gateway Protocol (BGP) traffic is significantly important in improving both security and robustness of the Internet. Existing solutions apply classic classifiers to make real-time decision based on the traffic features of present moment. However, due to the frequently happening burst and noise in dynamic Internet traffic, the decision based on short-term features is not reliable. To address this problem, we propose MS-LSTM, a multi-scale Long Short-Term Memory (LSTM) model to consider the Internet flow as a multi-dimensional time sequence and learn the traffic pattern from historical features in a sliding time window. In addition, we find that adopting different time scale to preprocess the traffic flow has great impact on the performance of all classifiers. In this paper, comprehensive experiments are conducted and the results show that a proper time scale can improve about 10% accuracy of LSTM as well as all conventional machine learning methods. Particularly, MS-LSTM with optimal time scale 8 can achieve 99.5% accuracy in the best case.

AB - Detecting anomalous Border Gateway Protocol (BGP) traffic is significantly important in improving both security and robustness of the Internet. Existing solutions apply classic classifiers to make real-time decision based on the traffic features of present moment. However, due to the frequently happening burst and noise in dynamic Internet traffic, the decision based on short-term features is not reliable. To address this problem, we propose MS-LSTM, a multi-scale Long Short-Term Memory (LSTM) model to consider the Internet flow as a multi-dimensional time sequence and learn the traffic pattern from historical features in a sliding time window. In addition, we find that adopting different time scale to preprocess the traffic flow has great impact on the performance of all classifiers. In this paper, comprehensive experiments are conducted and the results show that a proper time scale can improve about 10% accuracy of LSTM as well as all conventional machine learning methods. Particularly, MS-LSTM with optimal time scale 8 can achieve 99.5% accuracy in the best case.

UR - http://www.scopus.com/inward/record.url?scp=85009512572&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85009512572&origin=recordpage

U2 - 10.1109/ICNP.2016.7785326

DO - 10.1109/ICNP.2016.7785326

M3 - RGC 32 - Refereed conference paper (with host publication)

SN - 9781509032815

BT - 2016 IEEE 24th International Conference on Network Protocols (ICNP)

PB - IEEE

Y2 - 8 November 2016 through 11 November 2016

ER -

MS-LSTM: a Multi-Scale LSTM Model for BGP Anomaly Detection

Abstract

Publication series

Conference

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this