Abstract

Analyzing and detecting Border Gateway Protocol (BGP) anomalies are topics of great interest in cybersecurity. Various anomaly detection approaches such as time series and historical-based analysis, statistical validation, reachability checks, and machine learning have been applied to BGP datasets. In this paper, we use BGP update messages collected from Réseaux IP Europeens and Route Views to detect BGP anomalies caused by Slammer worm, WannaCrypt ransomware, and Moscow blackout by employing recurrent neural network machine learning algorithms.