Large-Scale BGP Routing Anomaly Detection Based on Graph Attention Auto-Encoder

Download PDF
Open Webpage

Zekang Wang, Fuxiang Yuan, Han Qiu, Yan Liu, Xiangyang Luo

Published: 2026, Last Modified: 11 Mar 2026IEEE Trans. Netw. Serv. Manag. 2026EveryoneRevisionsBibTeXCC BY-SA 4.0
Abstract: The Border Gateway Protocol (BGP) enables the exchange of routing information between Autonomous Systems (ASes). The lack of routing verification makes it susceptible to routing anomalies with major impact. Detecting large-scale routing anomalies is crucial for monitoring network operation status. However, existing methods are affected by interference from non-important ASes and insufficient labeled data, necessitating improvements in detection performance. In this paper, a large-scale BGP routing anomaly detection method based on a graph attention auto-encoder is proposed. First, normal BGP data is collected to construct AS-level topology graphs. Then, the graph attention auto-encoder model is pre-trained on topology graphs, where an attention mechanism is introduced to assign higher weights to important ASes. Next, the AS-level topology graph sequence is extracted from BGP data, and the pre-trained model is utilized to obtain AS embeddings. Finally, the AS embedding is classified to detect large-scale BGP routing anomalies based on multi-layer perceptron. The large-scale BGP routing anomaly event dataset is constructed using 4,577,384 routing announcements, and extensive experiments are conducted. The results show that the proposed method has significant advantages. Compared with typical methods BSVM, BLSTM, BMLP, BGNN, BGIN, and BGAE, the detection accuracy increased by 14.47%, 3.73%, 8.11%, 2.64%, 5.99%, and 1.04%, respectively.