Enhancing BGP security with MAD anomaly detection system and machine learning techniques

dc.audience.educationlevelEmpresas/Companies
dc.contributor.advisorCantoral Ceballos, José Antonio
dc.contributor.authorRomo Chavero, María Andrea
dc.contributor.catalogeremipsanchez
dc.contributor.committeememberBotero Vega, Juan Felipe
dc.contributor.committeememberNavarro Barrón, Francisco Javier
dc.contributor.departmentSchool of Engineering and Sciences
dc.contributor.institutionCampus Monterrey
dc.contributor.mentorPérez Díaz, Jesús Arturo
dc.date.accepted2024-10-31
dc.date.accessioned2024-12-30T21:29:46Z
dc.date.embargoenddate2025-12-31
dc.date.issued2024-12
dc.descriptionhttps://orcid.org/0000-0001-5597-939X
dc.description.abstractAnomalies in the Border Gateway Protocol (BGP) represent a significant vulnerability in the Internet’s infrastructure, as they can cause widespread disruptions, traffic misdirection, and even security breaches. Proactive detection of these anomalies is vital to preserving network stability and preventing potential cyberattacks. In response to this challenge, we present the Median Absolute Deviation (MAD) anomaly detection system, which combines traditional statistical methods with advanced machine learning (ML) techniques for more precise and dynamic detection. Our approach introduces a novel adaptive threshold mechanism, allowing the system to adjust based on the changing conditions of network traffic. This dynamic thresholding significantly improves the accuracy, precision, and F1-score of anomaly detection compared to the previous fixed-threshold version. Additionally, we integrate the MAD system with a diverse set of ML classifiers, including Random Forest, XGBoost, LightGBM, CatBoost, and ExtraTrees, to enhance the system’s ability to identify complex patterns that indicate unusual BGP behavior. We evaluate our detection system on well-documented BGP anomaly events, such as the Slammer worm, Nimda, Code Red 1 v2, the Moscow blackout, and the Telekom Malaysia misconfiguration. The results show that our system, when combined with ML models, achieves an overall accuracy and F1-score of 0.99, demonstrating its effectiveness across various anomaly types. By using both statistical and ML models, the system is able to capture irregularities that could signal security threats, offering a more comprehensive detection solution. This research highlights the importance of combining statistical anomaly detection with ML to obtain a balance between accuracy and computational efficiency. The system’s low resource requirements and minimal pre-processing make it highly scalable, allowing it to be potentially deployed in real-time on large-scale networks.
dc.description.degreeMaster of Science in Computer Science
dc.format.mediumText
dc.identificator|330417
dc.identifier.citationRomo Chavero, M. A. (2024). Enhancing BGP security with MAD anomaly detection system and machine learning techniques. [Tesis maestría]. Instituto Tecnológico y de Estudios Superiores de Monterrey.
dc.identifier.cvu1276195
dc.identifier.orcidhttps://orcid.org/0009-0002-5224-1343
dc.identifier.urihttps://hdl.handle.net/11285/702954
dc.identifier.urihttps://doi.org/10.60473/ritec.30
dc.language.isoeng
dc.publisherInstituto Tecnológico y de Estudios Superiores de Monterrey
dc.relation.isFormatOfacceptedVersion
dc.rightsopenAccess
dc.rights.embargoreasonA publication is under review.
dc.rights.urihttp://creativecommons.org/licenses/by-nc-sa/4.0
dc.subject.classificationENGINEERING AND TECHNOLOGY::TECHNOLOGICAL SCIENCES::COMPUTER TECHNOLOGY::REAL-TIME SYSTEMS
dc.subject.classificationPHYSICAL AND MATHEMATICAL SCIENCES AND EARTH SCIENCES::MATHEMATICS::COMPUTER SCIENCE::REAL-TIME SYSTEMS
dc.subject.keywordBorder Gateway Protocol
dc.subject.keywordMedian Absolute Deviation (MAD)
dc.subject.keywordAnomaly Detection
dc.subject.keywordBGP Security
dc.subject.keywordMachine Learning
dc.subject.keywordDynamic Thresholding
dc.subject.keywordNetwork Stability
dc.subject.keywordRouting Protocols
dc.subject.keywordCybersecurity
dc.subject.keywordTraffic Analysis
dc.subject.lcshTechnology
dc.titleEnhancing BGP security with MAD anomaly detection system and machine learning techniques
dc.typeMaster's Thesis

Files

Original bundle

Name: RomoChavero_TesisMaestriapdfa.pdf
Size: 3.15 MB
Format: Adobe Portable Document Format
Description: Master's Thesis

Name: RomoChavero_ActaGradoDeclaracionAutoriapdfa.pdf
Size: 315.19 KB
Format: Adobe Portable Document Format
Description: Degree Certificate and Declaration of Authorship

Name: RomoChavero_CartaAutorización.pdf
Size: 159.82 KB
Format: Adobe Portable Document Format
Description: Authorization Letter

License bundle

Name: license.txt
Size: 1.28 KB
Format: Item-specific license agreed upon to submission
