MS-LSTM: A multi-scale LSTM model for BGP anomaly detection

Min Cheng; Qian Xu; Jianming Lv; Wenyin Liu; Qing Li; Jianping Wang

doi:10.1109/ICNP.2016.7785326

MS-LSTM: A multi-scale LSTM model for BGP anomaly detection

Min Cheng, Qian Xu, Jianming Lv, Wenyin Liu, Qing Li, Jianping Wang

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

85 Citations (Scopus)

Abstract

Detecting anomalous Border Gateway Protocol (BGP) traffic is significantly important in improving both security and robustness of the Internet. Existing solutions apply classic classifiers to make real-time decision based on the traffic features of present moment. However, due to the frequently happening burst and noise in dynamic Internet traffic, the decision based on short-term features is not reliable. To address this problem, we propose MS-LSTM, a multi-scale Long Short-Term Memory (LSTM) model to consider the Internet flow as a multi-dimensional time sequence and learn the traffic pattern from historical features in a sliding time window. In addition, we find that adopting different time scale to preprocess the traffic flow has great impact on the performance of all classifiers. In this paper, comprehensive experiments are conducted and the results show that a proper time scale can improve about 10% accuracy of LSTM as well as all conventional machine learning methods. Particularly, MS-LSTM with optimal time scale 8 can achieve 99.5% accuracy in the best case.

Original language	English
Title of host publication	2016 IEEE 24th International Conference on Network Protocols, ICNP 2016
Publisher	IEEE Computer Society
ISBN (Electronic)	9781509032815
DOIs	https://doi.org/10.1109/ICNP.2016.7785326
Publication status	Published - 14 Dec 2016
Externally published	Yes
Event	24th IEEE International Conference on Network Protocols, ICNP 2016 - Singapore, Singapore Duration: 8 Nov 2016 → 11 Nov 2016

Publication series

Name	Proceedings - International Conference on Network Protocols, ICNP
Volume	2016-December
ISSN (Print)	1092-1648

Conference

Conference	24th IEEE International Conference on Network Protocols, ICNP 2016
Country/Territory	Singapore
City	Singapore
Period	8/11/16 → 11/11/16

ASJC Scopus subject areas

Computer Networks and Communications
Software

More information

10.1109/ICNP.2016.7785326

Cite this

@inproceedings{a4b799a4e80546d9b516366d43eac6c0,

title = "MS-LSTM: A multi-scale LSTM model for BGP anomaly detection",

abstract = "Detecting anomalous Border Gateway Protocol (BGP) traffic is significantly important in improving both security and robustness of the Internet. Existing solutions apply classic classifiers to make real-time decision based on the traffic features of present moment. However, due to the frequently happening burst and noise in dynamic Internet traffic, the decision based on short-term features is not reliable. To address this problem, we propose MS-LSTM, a multi-scale Long Short-Term Memory (LSTM) model to consider the Internet flow as a multi-dimensional time sequence and learn the traffic pattern from historical features in a sliding time window. In addition, we find that adopting different time scale to preprocess the traffic flow has great impact on the performance of all classifiers. In this paper, comprehensive experiments are conducted and the results show that a proper time scale can improve about 10% accuracy of LSTM as well as all conventional machine learning methods. Particularly, MS-LSTM with optimal time scale 8 can achieve 99.5% accuracy in the best case.",

author = "Min Cheng and Qian Xu and Jianming Lv and Wenyin Liu and Qing Li and Jianping Wang",

year = "2016",

month = dec,

day = "14",

doi = "10.1109/ICNP.2016.7785326",

language = "English",

series = "Proceedings - International Conference on Network Protocols, ICNP",

publisher = "IEEE Computer Society",

booktitle = "2016 IEEE 24th International Conference on Network Protocols, ICNP 2016",

address = "United States",

note = "24th IEEE International Conference on Network Protocols, ICNP 2016 ; Conference date: 08-11-2016 Through 11-11-2016",

}

Cheng, M, Xu, Q, Lv, J, Liu, W, Li, Q & Wang, J 2016, MS-LSTM: A multi-scale LSTM model for BGP anomaly detection. in 2016 IEEE 24th International Conference on Network Protocols, ICNP 2016., 7785326, Proceedings - International Conference on Network Protocols, ICNP, vol. 2016-December, IEEE Computer Society, 24th IEEE International Conference on Network Protocols, ICNP 2016, Singapore, Singapore, 8/11/16. https://doi.org/10.1109/ICNP.2016.7785326

MS-LSTM: A multi-scale LSTM model for BGP anomaly detection. / Cheng, Min; Xu, Qian; Lv, Jianming et al.
2016 IEEE 24th International Conference on Network Protocols, ICNP 2016. IEEE Computer Society, 2016. 7785326 (Proceedings - International Conference on Network Protocols, ICNP; Vol. 2016-December).

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

TY - GEN

T1 - MS-LSTM

T2 - 24th IEEE International Conference on Network Protocols, ICNP 2016

AU - Cheng, Min

AU - Xu, Qian

AU - Lv, Jianming

AU - Liu, Wenyin

AU - Li, Qing

AU - Wang, Jianping

PY - 2016/12/14

Y1 - 2016/12/14

N2 - Detecting anomalous Border Gateway Protocol (BGP) traffic is significantly important in improving both security and robustness of the Internet. Existing solutions apply classic classifiers to make real-time decision based on the traffic features of present moment. However, due to the frequently happening burst and noise in dynamic Internet traffic, the decision based on short-term features is not reliable. To address this problem, we propose MS-LSTM, a multi-scale Long Short-Term Memory (LSTM) model to consider the Internet flow as a multi-dimensional time sequence and learn the traffic pattern from historical features in a sliding time window. In addition, we find that adopting different time scale to preprocess the traffic flow has great impact on the performance of all classifiers. In this paper, comprehensive experiments are conducted and the results show that a proper time scale can improve about 10% accuracy of LSTM as well as all conventional machine learning methods. Particularly, MS-LSTM with optimal time scale 8 can achieve 99.5% accuracy in the best case.

AB - Detecting anomalous Border Gateway Protocol (BGP) traffic is significantly important in improving both security and robustness of the Internet. Existing solutions apply classic classifiers to make real-time decision based on the traffic features of present moment. However, due to the frequently happening burst and noise in dynamic Internet traffic, the decision based on short-term features is not reliable. To address this problem, we propose MS-LSTM, a multi-scale Long Short-Term Memory (LSTM) model to consider the Internet flow as a multi-dimensional time sequence and learn the traffic pattern from historical features in a sliding time window. In addition, we find that adopting different time scale to preprocess the traffic flow has great impact on the performance of all classifiers. In this paper, comprehensive experiments are conducted and the results show that a proper time scale can improve about 10% accuracy of LSTM as well as all conventional machine learning methods. Particularly, MS-LSTM with optimal time scale 8 can achieve 99.5% accuracy in the best case.

UR - http://www.scopus.com/inward/record.url?scp=85009512572&partnerID=8YFLogxK

U2 - 10.1109/ICNP.2016.7785326

DO - 10.1109/ICNP.2016.7785326

M3 - Conference article published in proceeding or book

AN - SCOPUS:85009512572

T3 - Proceedings - International Conference on Network Protocols, ICNP

BT - 2016 IEEE 24th International Conference on Network Protocols, ICNP 2016

PB - IEEE Computer Society

Y2 - 8 November 2016 through 11 November 2016

ER -

MS-LSTM: A multi-scale LSTM model for BGP anomaly detection

Abstract

Publication series

Conference

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this