Border Gateway Protocol (BGP) datasets with routing records collected from Reseaux IP Europeens (RIPE) and BCNET
BGP datasets
We consider three well-known BGP anomalies: Slammer, Nimda, and Code Red I, which occurred in January 2003,
September 2001, and July 2001, respectively. The Route Views and Reseaux IP Europeens (RIPE) BGP
update messages are publicly available. Data from the RIPE Network Coordination Centre (NCC) were collected in December
2011 and reflect higher traffic volume due to the historical growth of the Internet.
Slammer infected Microsoft SQL servers through a small piece of code that generated IP addresses at random. The
number of infected machines doubled approximately every 9 seconds. Nimda exploited vulnerabilities in the Microsoft
Internet Information Services (IIS) web servers for Internet Explorer 5. The worm propagated by sending an infected
attachment that was automatically downloaded once the email was viewed. The Code Red I worm attacked Microsoft IIS web
servers by replicating itself through IIS server weaknesses. Unlike the Slammer worm, Code Red I searched for vulnerable
servers to infect. The rate of infection was doubling every 37 minutes.
Datasets containing BGP anomalies are collected from RIPE while regular datasets are collected from both RIPE and BCNET. We use 37 features extracted from
BGP update messages that originated from AS 513 (route collector rrc 04). The data were collected during periods of
Internet anomalies. Five-day periods are considered: the day of the attack as well as two days prior and two days after
the attack.
Download BGP datasets
The BGP datasets are available at:
BGP_datasets_for_anomaly_detection_cnl.zip
Qingye Ding's M.A.Sc. thesis:
"Application of machine learning techniques for detecting anomalies in communication networks" and presentation slides, June 2018.
Book chapter:
Q. Ding, Z. Li, S. Haeri, and Lj. Trajkovic,
"Application of machine learning techniques to detecting anomalies in communication networks: datasets and feature selection algorithms,"
in Cyber Threat Intelligence, M. Conti, A. Dehghantanha, and T. Dargahi, Eds., Berlin: Springer, pp. 47-70, 2018.
Book chapter:
Z. Li, Q. Ding, S. Haeri, and Lj. Trajkovic,
"Application of machine learning techniques to detecting anomalies in communication networks: classification algorithms,"
in Cyber Threat Intelligence, M. Conti, A. Dehghantanha, and T. Dargahi, Eds., Berlin: Springer, pp. 71-92, 2018.
Paper:
P. Batta, M. Singh, Z. Li, Q. Ding, and Lj. Trajkovic,
"Evaluation of support vector machine kernels for detecting network anomalies,"
IEEE Int. Symp. Circuits and Systems, Florence, Italy, May 2018, pp. 1-4.
Presentation:
P. Batta, M. Singh, Z. Li, Q. Ding, and Lj. Trajkovic,
"Evaluation of support vector machine kernels for detecting network anomalies,"
Proc. IEEE Int. Symp. Circuits and Systems,
Florence, Italy, May 2018, pp. 1-4.
Publication: Q. Ding, Z. Li, P. Batta, and Lj. Trajkovic,
"Detecting BGP anomalies using machine learning techniques,"
in Proc. IEEE International Conference on Systems, Man, and Cybernetics (SMC 2016),
Budapest, Hungary, Oct. 2016, pp. 3352-3355.
Poster: Q. Ding, Z. Li, P. Batta, and Lj. Trajkovic,
"Detecting BGP anomalies using machine learning techniques,"
in Proc. IEEE International Conference on Systems, Man, and Cybernetics (SMC 2016),
Budapest, Hungary, Oct. 2016, pp. 3352-3355.
If you have any questions, please contact Zhida Li at <zhidal at sfu.ca>.