Multi-Scale LSTM Model for BGP Anomaly Classification

M. Cheng, Qing Li, J. Lv, W. Liu, J. Wang

Research output: Journal article publicationJournal articleAcademic researchpeer-review

28 Citations (Scopus)


IEEE As a policy-based routing protocol, the primary purpose of Border Gateway Protocol (BGP) is to exchange routing reachability information to provide sufficient end-to-end Quality-of-Service (QoS). The constant increase of anomalous traffic of BGP affects the connectivity and reachability of routing information among different Autonomous Systems (ASs), which calls for building accurate alerting models to provide stable routing services in the Internet. The previous works classify anomalies without considering the characteristic of multiple time scales, which may lead to inaccurate classification. In this paper, we propose a novel Multi-Scale Long Short-Term Memory (MSLSTM) model to capture the anomalous behaviors from BGP traffic. In our model, a Discrete Wavelet Transform is used to obtain temporal information on multiple scales, and a hierarchical two-layer LSTM architecture is devised where the first layer learns the attentions of different time scales to generate an integrated historical representation, and the second layer captures the temporal dependency in the learned representation. To evaluate the feasibility in different alerting scenarios, we conduct comprehensive experiments based on several BGP data sets collected from real world applications. The results demonstrate that our model achieves a promising performance compared with the state-of-the-art approaches.
Original languageEnglish
JournalIEEE Transactions on Services Computing
Publication statusAccepted/In press - 9 Apr 2018
Externally publishedYes


  • Anomaly Classification
  • BGP
  • Time series analysis
  • Discrete Wavelet Transform
  • Discrete wavelet transforms
  • Feature extraction
  • Internet
  • LSTM
  • Microsoft Windows
  • Multi-Scale
  • Routing

ASJC Scopus subject areas

  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications
  • Information Systems and Management


Dive into the research topics of 'Multi-Scale LSTM Model for BGP Anomaly Classification'. Together they form a unique fingerprint.

Cite this