{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T19:45:26Z","timestamp":1775504726732,"version":"3.50.1"},"reference-count":33,"publisher":"MDPI AG","issue":"5","license":[{"start":{"date-parts":[[2024,4,25]],"date-time":"2024-04-25T00:00:00Z","timestamp":1714003200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Fondo Regional para la Innovaci\u00f3n Digital en America Latina y el Caribe (FRIDA)"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>The stability and reliability of the global Internet infrastructure heavily rely on the Border Gateway Protocol (BGP), a crucial protocol that facilitates the exchange of routing information among various Autonomous Systems, ensuring seamless connectivity worldwide. However, BGP inherently possesses a susceptibility to abnormal routing behaviors, potentially leading to significant connectivity disruptions. Despite extensive efforts, accurately detecting and effectively mitigating such abnormalities persist as tough challenges. To tackle these, this article proposes a novel statistical approach employing the median absolute deviation under certain constraints to proactively detect anomalies in BGP. By applying advanced analysis techniques, this research offers a robust method for the early detection of anomalies, such as Internet worms, configuration errors, and link failures. This innovative approach has been empirically validated, achieving an accuracy rate of 90% and a precision of 95% in identifying these disruptions. This high level of precision and accuracy not only confirms the effectiveness of the statistical method employed but also marks a significant step forward for enhancing the stability and reliability of the global Internet infrastructure.<\/jats:p>","DOI":"10.3390\/fi16050146","type":"journal-article","created":{"date-parts":[[2024,4,25]],"date-time":"2024-04-25T05:26:13Z","timestamp":1714022773000},"page":"146","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["Median Absolute Deviation for BGP Anomaly Detection"],"prefix":"10.3390","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-5224-1343","authenticated-orcid":false,"given":"Maria Andrea","family":"Romo-Chavero","sequence":"first","affiliation":[{"name":"School of Engineering and Sciences, Tecnologico de Monterrey, Monterrey 64849, Mexico"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5597-939X","authenticated-orcid":false,"given":"Jose Antonio","family":"Cantoral-Ceballos","sequence":"additional","affiliation":[{"name":"School of Engineering and Sciences, Tecnologico de Monterrey, Monterrey 64849, Mexico"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7678-5487","authenticated-orcid":false,"given":"Jesus Arturo","family":"P\u00e9rez-D\u00edaz","sequence":"additional","affiliation":[{"name":"School of Engineering and Sciences, Tecnologico de Monterrey, Monterrey 64849, Mexico"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8828-5239","authenticated-orcid":false,"given":"Carlos","family":"Martinez-Cagnazzo","sequence":"additional","affiliation":[{"name":"Technology Management, LACNIC, Montevideo 11400, Uruguay"}]}],"member":"1968","published-online":{"date-parts":[[2024,4,25]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"377","DOI":"10.1109\/COMST.2016.2622240","article-title":"BGP Anomaly Detection Techniques: A Survey","volume":"19","author":"Branch","year":"2017","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Rekhter, Y., Li, T., and Hares, S. (2024, January 10). A Border Gateway Protocol 4 (BGP-4). Internet Requests for Comments, 2006. Available online: http:\/\/www.rfc-editor.org\/rfc\/rfc4271.txt.","DOI":"10.17487\/rfc4271"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Shi, X., Xiang, Y., Wang, Z., Yin, X., and Wu, J. (2012, January 14\u201316). Detecting Prefix Hijackings in the Internet with Argus. Proceedings of the 2012 ACM Conference on Internet Measurement Conference\u2014IMC \u201912, Boston, MA, USA.","DOI":"10.1145\/2398776.2398779"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"2254","DOI":"10.1109\/JSAC.2021.3078497","article-title":"Machine Learning for Detecting Anomalies and Intrusions in Communication Networks","volume":"39","author":"Li","year":"2021","journal-title":"IEEE J. Sel. Areas Commun."},{"key":"ref_5","unstructured":"Ding, Q., Li, Z., Batta, P., and Trajkovic, L. (2016, January 9\u201312). Detecting BGP Anomalies Using Machine Learning Techniques. Proceedings of the 2016 IEEE International Conference on Systems, Man, and Cybernetics (SMC), IEEE, Budapest, Hungary."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Cosovic, M., Obradovic, S., and Trajkovic, L. (2015, January 3\u20135). Performance Evaluation of BGP Anomaly Classifiers. Proceedings of the 2015 Third International Conference on Digital Information, Networking, and Wireless Communications (DINWC), Moscow, Russia.","DOI":"10.1109\/DINWC.2015.7054228"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Cosovic, M., Obradovic, S., and Trajkovic, L. (2016, January 15\u201318). Classifying Anomalous Events in BGP Datasets. Proceedings of the 2016 IEEE Canadian Conference on Electrical and Computer Engineering (CCECE), IEEE, Vancouver, BC, Canada.","DOI":"10.1109\/CCECE.2016.7726739"},{"key":"ref_8","unstructured":"Peng, S., Chen, Y., Shu, X., Shuai, W., Fang, S., Ruan, Z., and Xuan, Q. (2023). MAD-MulW: A Multi-Window Anomaly Detection Framework for BGP Security Events. arXiv."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Li, Z., Rios, A.L.G., and Trajkovic, L. (2020, January 11\u201314). Detecting Internet Worms, Ransomware, and Blackouts Using Recurrent Neural Networks. Proceedings of the 2020 IEEE International Conference on Systems, Man, and Cybernetics (SMC), Toronto, ON, Canada.","DOI":"10.1109\/SMC42975.2020.9283472"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"032015","DOI":"10.1088\/1742-6596\/1176\/3\/032015","article-title":"Application of machine learning in BGP anomaly detection","volume":"1176","author":"Dai","year":"2019","journal-title":"J. Phys. Conf. Ser."},{"key":"ref_11","unstructured":"HackerOne (2024, April 08). The 2021 Hackers Report. Available online: https:\/\/www.hackerone.com\/resources\/reporting\/the-2021-hacker-report."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1186\/s42400-019-0038-7","article-title":"Survey of intrusion detection systems: Techniques, datasets and challenges","volume":"2","author":"Khraisat","year":"2019","journal-title":"Cybersecurity"},{"key":"ref_13","unstructured":"Miller, J., and Miller, J. (2000). Statistics and Chemometrics for Analytical Chemistry, Pearson\/Prentice Hall. [4th ed.]."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1016\/j.comnet.2016.09.018","article-title":"Measurement of large-scale BGP events: Definition, detection, and analysis","volume":"110","author":"Chen","year":"2016","journal-title":"Comput. Netw."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"1470","DOI":"10.1109\/TC.2009.91","article-title":"An Online Mechanism for BGP Instability Detection and Analysis","volume":"58","author":"Deshpande","year":"2009","journal-title":"IEEE Trans. Comput."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Testart, C., Richter, P., King, A., Dainotti, A., and Clark, D. (2019, January 21\u201323). Profiling BGP Serial Hijackers: Capturing Persistent Misbehavior in the Global Routing Table. Proceedings of the Internet Measurement Conference, New York, NY, USA.","DOI":"10.1145\/3355369.3355581"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"107835","DOI":"10.1016\/j.comnet.2021.107835","article-title":"Using bursty announcements for detecting BGP routing anomalies","volume":"188","author":"Moriano","year":"2021","journal-title":"Comput. Netw."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"515","DOI":"10.1109\/90.731185","article-title":"Internet routing instability","volume":"6","author":"Labovitz","year":"1998","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Arai, T., Nakano, K., and Chakraborty, B. (2019, January 23\u201325). Selection of Effective Features for BGP Anomaly Detection. Proceedings of the 2019 IEEE 10th International Conference on Awareness Science and Technology (iCAST), Morioka, Japan.","DOI":"10.1109\/ICAwST.2019.8923583"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Mitchell, J. (2024, April 19). Autonomous System (AS) Reservation for Private Use. RFC 6996, Internet Engineering Task Force, 2013. Available online: https:\/\/www.rfc-editor.org\/info\/rfc6996.","DOI":"10.17487\/rfc6996"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Fonseca, P., Mota, E.S., Bennesby, R., and Passito, A. (July, January 29). BGP Dataset Generation and Feature Extraction for Anomaly Detection. Proceedings of the 2019 IEEE Symposium on Computers and Communications (ISCC), IEEE, Barcelona, Spain.","DOI":"10.1109\/ISCC47284.2019.8969619"},{"key":"ref_22","unstructured":"BGPmon (2024, February 15). Massive Route Leak Cause Internet Slowdown. Available online: https:\/\/www.bgpmon.net\/massive-route-leak-cause-internet-slowdown\/."},{"key":"ref_23","unstructured":"Besanger, Y., Eremia, M., and Voropai, N. (2013). Handbook of Electrical Power System Dynamics, John Wiley and Sons, Inc.. Chapter 13."},{"key":"ref_24","unstructured":"Reseaux IP Europeens Network Coordination Center (2024, February 08). RIPE Network Coordination Centre, 2015. Available online: http:\/\/www.ripe.net\/."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Blunk, L., Karir, M., and Labovitz, C. (2024, April 19). RFC 6396: Multi-threaded Routing Toolkit (MRT) Routing Information Export Format. Internet Engineering Task Force, 2011. RFC 6396 (Standards Track). Available online: http:\/\/tools.ietf.org\/html\/rfc6396.","DOI":"10.17487\/rfc6396"},{"key":"ref_26","unstructured":"Internet Engineering Task Force (IETF) (2015, December 06). Charter of the IETF Secure Inter-Domain Routing Working Group. Available online: http:\/\/tools.ietf.org\/wg\/sidr\/charters."},{"key":"ref_27","unstructured":"Center for Applied Internet Data Analysis (CAIDA) (2023, April 10). PyBGPStream API Documentation. Available online: https:\/\/bgpstream.caida.org\/docs\/api\/pybgpstream\/pybgpstream.html."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"764","DOI":"10.1016\/j.jesp.2013.03.013","article-title":"Detecting outliers: Do not use standard deviation around the mean, use absolute deviation around the median","volume":"49","author":"Leys","year":"2013","journal-title":"J. Exp. Soc. Psychol."},{"key":"ref_29","unstructured":"Howell, D.C. (2005). Encyclopedia of Statistics in Behavioral Science, John Wiley & Sons, Ltd."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Hautamaki, V., Karkkainen, I., and Franti, P. (2004, January 26). Outlier detection using k-nearest neighbour graph. Proceedings of the 17th International Conference on Pattern Recognition, 2004, ICPR 2004, IEEE, Cambridge, UK.","DOI":"10.1109\/ICPR.2004.1334558"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Zhao, H., Wang, Y., Duan, J., Huang, C., Cao, D., Tong, Y., Xu, B., Bai, J., Tong, J., and Zhang, Q. (2020, January 17\u201320). Multivariate time-series anomaly detection via graph attention network. Proceedings of the 2020 IEEE International Conference on Data Mining (ICDM), IEEE, Sorrento, Italy.","DOI":"10.1109\/ICDM50108.2020.00093"},{"key":"ref_32","unstructured":"Zong, B., Song, Q., Min, M.R., Cheng, W., Lumezanu, C., Cho, D., and Chen, H. (May, January 30). Deep Autoencoding Gaussian Mixture Model for Unsupervised Anomaly Detection. Proceedings of the International Conference on Learning Representations, Vancouver, BC, Canada."},{"key":"ref_33","unstructured":"Retana, A. (2024, April 19). Using BGP over QUIC. Internet-draft, Internet Engineering Task Force. Available online: https:\/\/datatracker.ietf.org\/doc\/draft-retana-idr-bgp-quic\/04\/."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/16\/5\/146\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T14:33:44Z","timestamp":1760106824000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/16\/5\/146"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,25]]},"references-count":33,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2024,5]]}},"alternative-id":["fi16050146"],"URL":"https:\/\/doi.org\/10.3390\/fi16050146","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,4,25]]}}}