Abstract—This paper investigates anomalies such as worms, power outages, and routing table leak (RTL) events occurring in Border Gateway Protocol (BGP) that can cause connectivity and data loss issues. Ensemble learning is a machine learning model employing multiple classifiers in order to reliably identify network anomalies. We use bagging, boosting, and random forests ensemble models trained on network anomaly datasets for classification improvement. Models were compared with respect to the following performance metrics: F-measure, Matthews correlation coefficient (MCC), Receiver operating characteristic (ROC) curve, precision-recall (PR) curves and model execution time. We observed improvement in performance measures when ensemble classifiers realized in Python were used in comparison to our previously reported results on single classifiers. Further improvement in most performance measures was observed by using sampling techniques (oversampling and undersampling) on anomalous datasets. This approach increases model execution time which is not favorable for real-time anomaly detection models.
Index Terms—BGP, bagging, boosting, random forest.
M. Cosovic is with the University of East Sarajevo, Faculty of Electrical Engineering, Istocno Sarajevo, Bosnia and Hercegovina (e-mail: marijana.cosovic@etf.ues.rs.ba).
E. Junuz is with Dzemal Bijedic University, Faculty of Information Technology, Mostar, Bosnia and Hercegovina (e-mail: emina@edu.fit.ba).
Cite: Marijana Cosovic and Emina Junuz, "BGP Anomaly Prediction Using Ensemble Learning," International Journal of Machine Learning and Computing vol. 9, no. 4, pp. 452-457, 2019.
Copyright © 2019 by the authors. This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).