Yuval Shavitt

Tel Aviv University, Israel
a man with glasses
© Yuval Shavitt
shavitt@eng.tau.ac.il
Machine Learning Solutions for detection of attacks on Internet Routing
Wed 31 Jul

Yuval Shavitt 01/01

Professor of Electrical Engineering at Tel Aviv University. Before joining Tel Aviv University, he worked for four years at the Networking Center of Bell Labs, Holmdel, NJ. Has published seminal papers in the fields of network science, caching, routing, IP hijack attacks, traffic classification and network measurements. He appears on the Stanford top 2% scientists list.


In 2004 he started the DIMES project for mapping the Internet infrastructure using thousands of lightweight software agents, which revolutionized the field of Internet measurement and mapping. Data gathered by DIMES was used by academians worldwide. In 2014 he established BGProtect, a company that uses the DIMES approach to protect nations and large organizations against IP hijack attacks and provide network infrastructure threat intelligence.


In the recent years he studies usage of Deep Learning for solving networking problems with emphasis on network security. His research concentrate at two topics: traffic classification, and routing attack identification.

Machine Learning Solutions for detection of attacks on Internet Routing

Attacks on Internet routing have a long history. Early on, attacks used simple IP hijacking, but now they also include routing deflection using manipulations at the BGP level or even at the data plane.

However, defenses against such attacks are falling behind. RPKI is a standard that is (too) slowly deployed in order to protect against IP hijack attacks, when reaching a critical point it will make such attacks almost impossible. However, RPKI only protects against falsified first hop in the BGP path attribute, while manipulation of other hops has no solution with RPKI. Even the detection of route manipulations is not trivial.

In this talk I will present a Machine Learning approach, BGP2Vec, to detect such attacks with high accuracy and low false alarm rate. BGP2Vec is based on embedding of the ASNs in a latent space in a way that captures the role of an ASN in the routing. This allows us to cluster ASNs and identify a manipulation of a route if an ASN is replaced with one from a different cluster. I will also discuss embedding of Address Prefixes (AP) in the same space and its advantages for deflection attacks. Finally, I will show how to combine the route geography with ML to detect deflection attacks.

Submit your paper here!
Your academic contribution for ARES 2024.