In the last few years, research on and applications of knowledge graphs have gained rapid momentum, providing new ideas and perspectives for analyzing and solving practical problems in the industry. Traditional BGP anomaly detection methods generally rely on relational databases. However, their drawbacks in multi-layer association analysis and their lack of flexibility in data storage limit the efficiency of anomaly detection. In this paper, we extend the concept of the knowledge graph to construct a BGP routing information knowledge graph and apply it to the problem of BGP anomaly detection. This paper comprises the following research components:

1. This paper constructs a BGP routing information knowledge graph based on the domain knowledge graph method. Given the fragmentation of public Internet routing information resources, the BGP routing information knowledge graph is constructed from top to bottom according to the construction method of the domain knowledge graph, based on the structural consistency between the BGP network topology and the knowledge graph. The knowledge graph integrates the routing information resources on the Internet by saving BGP routing information in the Neo4j graph database. Through relationship mining and knowledge update, the internal relationships among knowledge graph entities are further enhanced and expanded, and the attributes of entities and relationships are enriched as well. The experiments demonstrate that this method takes full advantage of the graph database's strengths in graph traversal and multi-layer relational data retrieval, and lays a solid foundation for applying the knowledge graph to BGP anomaly detection.

2. This paper investigates abnormal multiple origin AS (MOAS) conflict detection based on the BGP routing information knowledge graph. In view of the large amount of MOAS conflict data and the difficulty of judging which data are abnormal in BGP MOAS conflict detection, this paper proposes an approach for detecting abnormal MOAS conflicts based on the BGP routing information knowledge graph and graph-embedding knowledge representation. In detail, the abnormal MOAS conflicts of the whole network are reduced to a very small range based on the BGP routing information knowledge graph, while a knowledge representation method derived from the Node2Vec graph embedding technique is applied to anomaly analysis to greatly improve the efficiency of anomaly detection. The experimental results suggest that the proposed method is more comprehensive and accurate than the traditional abnormal MOAS conflict detection method.

3. This paper deals with path hijacking detection using the BGP routing information knowledge graph. In order to effectively detect BGP path hijacking, this paper proposes a path hijacking detection method based on the BGP routing information knowledge graph and word frequency analysis. The last_hop attribute data from routing paths are added to the Prefix_AS relationship between Prefix entities and AS entities, and the last_hop set of each Prefix is extracted. After the normal last_hop nodes are excluded, an improved TF-IDF algorithm transforms the anomaly detection problem into a quantifiable data statistics problem. The IDF value represents the degree of suspicion of the abnormal path, and the TF-IDF value represents the degree of influence of the abnormal path on the entire network. The experiments indicate that this method can overcome the lack of effectiveness of BGP anomaly detection for path hijacking.

4. This paper presents the design and implementation of a prototype system based on the BGP routing information knowledge graph. This part is the concrete realization of the preceding theories and methods. The system mainly incorporates a data acquisition module, a knowledge graph building module, a Cypher query module, and a data analysis and anomaly detection module. The prototype system was constructed to analyze the data of BGP update messages from the previous six months, and the outcomes were compared with the data provided by bgpstream.com. The experiments show that the prototype system is superior to the bgpstream.com platform in terms of the comprehensiveness and integrity of BGP anomaly detection results. In addition, the prototype discovered an obvious prefix hijacking event and a path hijacking event in the analysis of BGP update messages during the last half year. These real-life discoveries validate the unique advantages of the proposed method, as well as the practicality and reliability of the prototype system in BGP anomaly detection.
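The last_hop scoring described in component 3 can be sketched as follows; this is an added example, not code from the paper, and it uses textbook TF-IDF rather than the paper's improved variant, which the abstract does not specify. It assumes last_hop means the AS adjacent to the origin in the AS path; the update records, the baseline set and the function names are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample: (prefix, AS path); the origin AS is the last element.
UPDATES = [
    ("203.0.113.0/24", [64500, 64510, 64520]),
    ("203.0.113.0/24", [64501, 64510, 64520]),
    ("203.0.113.0/24", [64502, 64510, 64520]),
    ("203.0.113.0/24", [64503, 64666, 64520, 64520]),  # new neighbour, prepended origin
    ("198.51.100.0/24", [64500, 64510, 64530]),
    ("198.51.100.0/24", [64501, 64511, 64530]),
    ("192.0.2.0/24", [64500, 64510, 64540]),
    ("192.0.2.0/24", [64502, 64511, 64540]),
    ("192.0.2.0/24", [64503, 64667, 64540]),
    ("192.0.2.0/24", [64504, 64667, 64540]),
]
# Assumed baseline of (prefix, last_hop) pairs already known to be normal.
BASELINE = {(p, h) for p in ("203.0.113.0/24", "198.51.100.0/24", "192.0.2.0/24")
            for h in (64510, 64511)}

def last_hop(path):
    """AS adjacent to the origin (assumed meaning), ignoring AS-path prepending."""
    dedup = [a for i, a in enumerate(path) if i == 0 or a != path[i - 1]]
    return dedup[-2] if len(dedup) >= 2 else None

def score_last_hops(updates, baseline):
    """Rank non-baseline last_hops per prefix by textbook TF-IDF."""
    per_prefix = defaultdict(Counter)
    for prefix, path in updates:
        hop = last_hop(path)
        if hop is not None:
            per_prefix[prefix][hop] += 1
    # Document frequency: in how many prefixes' last_hop sets each AS appears.
    df = Counter(h for hops in per_prefix.values() for h in hops)
    rows = []
    for prefix, hops in per_prefix.items():
        total = sum(hops.values())
        for hop, count in hops.items():
            if (prefix, hop) in baseline:
                continue  # exclude normal last_hop nodes before scoring
            tf = count / total                         # share of this prefix's paths
            idf = math.log(len(per_prefix) / df[hop])  # rarity across prefixes
            rows.append({"prefix": prefix, "last_hop": hop,
                         "tf": tf, "idf": idf, "tfidf": tf * idf})
    return sorted(rows, key=lambda r: r["tfidf"], reverse=True)

if __name__ == "__main__":
    for row in score_last_hops(UPDATES, BASELINE):
        print(row)
```

Both flagged last_hops appear for only one prefix, so they share the same IDF; the one carrying half of its prefix's observed paths ranks higher on TF-IDF.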