BEAR: BGP Event Analysis and Reporting
- URL: http://arxiv.org/abs/2506.04514v1
- Date: Wed, 04 Jun 2025 23:34:36 GMT
- Title: BEAR: BGP Event Analysis and Reporting
- Authors: Hanqing Li, Melania Fedeli, Vinay Kolar, Diego Klabjan
- Abstract summary: Border Gateway Protocol (BGP) anomalies can divert traffic through unauthorized or inefficient paths, jeopardizing network reliability and security. The BGP Event Analysis and Reporting (BEAR) framework generates comprehensive reports explaining detected BGP anomaly events. BEAR achieves 100% accuracy, outperforming Chain-of-Thought and in-context learning baselines.
- Score: 10.153790653358625
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The Internet comprises interconnected, independently managed Autonomous Systems (AS) that rely on the Border Gateway Protocol (BGP) for inter-domain routing. BGP anomalies, such as route leaks and hijacks, can divert traffic through unauthorized or inefficient paths, jeopardizing network reliability and security. Although existing rule-based and machine learning methods can detect these anomalies using structured metrics, they still require experts with in-depth BGP knowledge (of, for example, AS relationships and historical incidents) to interpret events and propose remediation. In this paper, we introduce BEAR (BGP Event Analysis and Reporting), a novel framework that leverages large language models (LLMs) to automatically generate comprehensive reports explaining detected BGP anomaly events. BEAR employs a multi-step reasoning process that translates tabular BGP data into detailed textual narratives, enhancing interpretability and analytical precision. To address the limited availability of publicly documented BGP anomalies, we also present a synthetic data generation framework powered by LLMs. Evaluations on both real and synthetic datasets demonstrate that BEAR achieves 100% accuracy, outperforming Chain-of-Thought and in-context learning baselines. This work pioneers an automated approach for explaining BGP anomaly events, offering valuable operational insights for network management.
Related papers
- Interpretable Anomaly Detection in Encrypted Traffic Using SHAP with Machine Learning Models [0.0] (arXiv, 2025-05-22)
This study aims to develop an interpretable machine learning-based framework for anomaly detection in encrypted network traffic. Models are trained and evaluated on three benchmark encrypted traffic datasets. SHAP visualizations successfully revealed the most influential traffic features contributing to anomaly predictions.
- Cybersecurity threat detection based on a UEBA framework using Deep Autoencoders [0.0] (arXiv, 2025-05-14)
We introduce the first implementation of an explainable UEBA-based anomaly detection framework. Based on the theoretical foundations of neural networks, we offer a novel proof demonstrating the equivalence of two widely used definitions for fully-connected neural networks. Our findings suggest that the proposed UEBA framework can be seamlessly integrated into enterprise environments.
- Take Package as Language: Anomaly Detection Using Transformer [4.682574058690321] (arXiv, 2024-11-15)
This paper proposes NIDS-GPT, a GPT-based causal language model for network intrusion detection. NIDS-GPT treats each number in the packet as an independent "word" rather than using packet fields, enabling a more fine-grained data representation. Experiments on the CICIDS 2017 and car-hacking datasets show that NIDS-GPT achieves 100% accuracy under extreme imbalance conditions.
- Provable Robustness of (Graph) Neural Networks Against Data Poisoning and Backdoor Attacks [50.87615167799367] (arXiv, 2024-07-15)
We certify Graph Neural Networks (GNNs) against poisoning attacks, including backdoors, targeting the node features of a given graph. Our framework provides fundamental insights into the role of graph structure and its connectivity on the worst-case behavior of convolution-based and PageRank-based GNNs.
- DFA-GNN: Forward Learning of Graph Neural Networks by Direct Feedback Alignment [57.62885438406724] (arXiv, 2024-06-04)
Graph neural networks are recognized for their strong performance across various applications. Backpropagation (BP) has limitations that challenge its biological plausibility and affect the efficiency, scalability and parallelism of training neural networks for graph-based tasks. We propose DFA-GNN, a novel forward learning framework tailored for GNNs, with a case study of semi-supervised learning.
- DIGIC: Domain Generalizable Imitation Learning by Causal Discovery [69.13526582209165] (arXiv, 2024-02-29)
Causality has been combined with machine learning to produce robust representations for domain generalization. We make a different attempt by leveraging the demonstration data distribution to discover causal features for a domain generalizable policy. We design a novel framework, called DIGIC, to identify the causal features by finding the direct cause of the expert action from the demonstration data distribution.
- Weighted Ensembles for Active Learning with Adaptivity [60.84896785303314] (arXiv, 2022-06-10)
This paper presents an ensemble of GP models with weights adapted to the labeled data collected incrementally. Building on this novel EGP model, a suite of acquisition functions emerges based on the uncertainty and disagreement rules. An adaptively weighted ensemble of EGP-based acquisition functions is also introduced to further robustify performance.
- Topological Data Analysis for Anomaly Detection in Host-Based Logs [1.0878040851638] (arXiv, 2022-04-25)
We present an approach that builds a filtration of simplicial complexes directly from Windows logs, enabling analysis of their intrinsic structure using topological tools. We end by discussing the potential for our methods to be used as part of an explainable framework for anomaly detection.
- A Multi-View Framework for BGP Anomaly Detection via Graph Attention Network [4.120328427084187] (arXiv, 2021-12-23)
The Border Gateway Protocol (BGP) is the default protocol for exchanging routing reachability information on the Internet. A BGP anomaly detection model ensures stable routing services on the Internet through its real-time monitoring and alerting capabilities.
- LogLAB: Attention-Based Labeling of Log Data Anomalies via Weak Supervision [63.08516384181491] (arXiv, 2021-11-02)
We present LogLAB, a novel modeling approach for automated labeling of log messages without requiring manual work by experts. Our method relies on estimated failure time windows provided by monitoring systems to produce precisely labeled datasets in retrospect. Our evaluation shows that LogLAB consistently outperforms nine benchmark approaches across three different datasets and maintains an F1-score of more than 0.98 even at large failure time windows.
- Incremental Ensemble Gaussian Processes [53.3291389385672] (arXiv, 2021-10-13)
We propose an incremental ensemble (IE-) GP framework, where an EGP meta-learner employs an ensemble of GP learners, each having a unique kernel belonging to a prescribed kernel dictionary. With each GP expert leveraging the random feature-based approximation to perform online prediction and model update with scalability, the EGP meta-learner capitalizes on data-adaptive weights to synthesize the per-expert predictions. The novel IE-GP is generalized to accommodate time-varying functions by modeling structured dynamics at the EGP meta-learner and within each GP learner.
- Privacy-preserving Traffic Flow Prediction: A Federated Learning Approach [61.64006416975458] (arXiv, 2020-03-19)
We propose a privacy-preserving machine learning technique named Federated Learning-based Gated Recurrent Unit neural network algorithm (FedGRU) for traffic flow prediction. FedGRU differs from current centralized learning methods and updates universal learning models through a secure parameter aggregation mechanism. It is shown that FedGRU's prediction accuracy is 90.96% higher than that of the advanced deep learning models.
This list is automatically generated from the titles and abstracts of the papers in this site.