BGP Anomaly Prediction Using Ensemble Learning
This paper investigates anomalies such as worms, power outages, and routing table leak (RTL) events occurring in the Border Gateway Protocol (BGP) that can cause connectivity and data loss issues. Ensemble learning is a machine learning approach that employs multiple classifiers in order to reliably identify network anomalies. We use bagging, boosting, and random forest ensemble models trained on network anomaly datasets to improve classification. Models were compared with respect to the following performance metrics: F-measure, Matthews correlation coefficient (MCC), receiver operating characteristic (ROC) curves, precision-recall (PR) curves, and model execution time. We observed improvement in performance measures when ensemble classifiers implemented in Python were used in comparison to our previously reported results on single classifiers. Further improvement in most performance measures was observed by using sampling techniques (oversampling and undersampling) on anomalous datasets. This approach increases model execution time, which is not favorable for real-time anomaly detection models.
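The sketch below is an added illustration, not code from the paper: it trains a bagging ensemble with and without per-bootstrap undersampling on an imbalanced set and scores both with F-measure and MCC, the metrics named above. The decision-stump weak learner, the two feature names and the synthetic data are assumptions made for the example; the paper's datasets and models are not reproduced.

```python
import math
import random

def scores(y_true, y_pred):
    """Return (accuracy, F-measure, MCC); anomaly = 1 is the positive class."""
    n = {(t, p): 0 for t in (0, 1) for p in (0, 1)}
    for t, p in zip(y_true, y_pred):
        n[t, p] += 1
    tp, tn, fp, fn = n[1, 1], n[0, 0], n[0, 1], n[1, 0]
    f1 = 2 * tp / (2 * tp + fp + fn) if tp else 0.0
    den = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    mcc = (tp * tn - fp * fn) / den if den else 0.0
    return (tp + tn) / len(y_true), f1, mcc

def fit_stump(rows):
    """Weak learner (assumed): most accurate rule 'x[f] > thr means anomaly'."""
    cands = [(f, thr) for f in range(len(rows[0][0]))
             for thr in sorted({x[f] for x, _ in rows})]
    return max(cands, key=lambda c: sum((x[c[0]] > c[1]) == (y == 1) for x, y in rows))

def bagging(rows, n_estimators, rng, undersample=False):
    pos = [r for r in rows if r[1] == 1]
    neg = [r for r in rows if r[1] == 0]
    stumps = []
    for _ in range(n_estimators):
        if undersample:  # balanced bootstrap: as many regular rows as anomalous ones
            boot = rng.choices(pos, k=len(pos)) + rng.choices(neg, k=len(pos))
        else:            # plain bootstrap keeps the original class imbalance
            boot = rng.choices(rows, k=len(rows))
        stumps.append(fit_stump(boot))
    return stumps

def predict(stumps, x):
    return int(2 * sum(x[f] > thr for f, thr in stumps) > len(stumps))

def make_rows(n_regular, n_anomaly, rng):
    """Constructed data: (announcements, withdrawals) per minute, label 1 = anomaly."""
    reg = [((rng.gauss(100, 20), rng.gauss(20, 8)), 0) for _ in range(n_regular)]
    ano = [((rng.gauss(150, 30), rng.gauss(40, 12)), 1) for _ in range(n_anomaly)]
    return reg + ano

def demo(seed=7):
    rng = random.Random(seed)
    train, test = make_rows(285, 15, rng), make_rows(285, 15, rng)
    out = {}
    for name, flag in (("bagging", False), ("bagging+undersampling", True)):
        model = bagging(train, 11, rng, undersample=flag)
        out[name] = scores([y for _, y in test], [predict(model, x) for x, _ in test])
    return out
```

Calling `demo()` returns the (accuracy, F-measure, MCC) triple for each variant. A classifier that labels every sample regular reaches 0.95 accuracy on a 95/5 split while F-measure and MCC are both 0, which is why those two metrics are the ones to compare on imbalanced anomaly data.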