🛡️ BGP AI Guard — Cloud-Based Route Hijack & Network Anomaly Detection
The dashboard provides a SOC-style real-time view of:
- Detected routing anomalies
- Normal routing behavior
- AI anomaly score
- Human-readable explanation for every alert
- Timestamped BGP updates
BGP AI Guard is a cloud-based monitoring system that analyzes BGP routing updates, learns normal prefix behavior, and detects suspicious route hijacks and routing anomalies using AI.
This project combines:
- Computer Networks (BGP internals)
- Stateful feature engineering
- Unsupervised Machine Learning (Isolation Forest)
- FastAPI backend
- Live SOC-style monitoring dashboard
The pipeline has the same shape as production route-monitoring services: ingest updates, compare each one against learned per-prefix history, score the deviation, and present an explainable alert.
⸻
🚨 Problem This Solves
BGP (Border Gateway Protocol) is the backbone of the internet.
When an AS advertises a prefix it does not own (or a more-specific sub-prefix of it), whether maliciously or through misconfiguration, the result is a BGP route hijack: traffic meant for Google, Cloudflare, banks, or governments can be redirected, intercepted, or blackholed.
This system detects:
- Origin AS changes
- Sudden AS path shortening
- New, previously unseen ASes appearing in the path
- Abnormal announcement frequency
- Deviations from the learned routing history of each prefix
⸻
System Architecture
BGP Update
   ↓
Feature Pipeline (stateful prefix memory)
   ↓
Isolation Forest (learned normal routing)
   ↓
FastAPI
   ↓
Live SOC Dashboard
Key idea:
Stateful memory + AI scoring + human-readable reasoning.
⸻
⚙️ Features Extracted from BGP Updates
For every prefix update, the system computes:
- Origin AS change detection (origin = last AS in the path)
- Path length delta against the last path seen for the prefix
- New AS appearance in path (ASes never seen for this prefix before)
- Time since last announcement
- Announcement frequency over a sliding window
- Unique AS count in the path
The model is trained on these features from normal routing only; at detection time an update whose feature vector sits far from that baseline receives a low (anomalous) score. The first update for a prefix has no history to compare against, so it establishes the baseline rather than being scored.
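The stateful feature pipeline described above, as an added example written for this page (it is not the project's prefix_memory.py or feature_pipeline.py). The update stream is constructed and uses private-use ASNs; it follows the normal-then-hijack sequence the Simulation section describes. The window length and feature names are assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Set

# Constructed sample stream (not real BGP data): (timestamp in seconds, prefix, AS path).
# The last AS in the path is the origin; 64500-64666 are private-use ASNs.
SAMPLE_UPDATES = [
    (1000, "203.0.113.0/24", [64500, 64510, 64520, 64530]),  # first sighting: no baseline yet
    (1600, "203.0.113.0/24", [64500, 64510, 64520, 64530]),  # steady state
    (2200, "203.0.113.0/24", [64500, 64511, 64520, 64530]),  # benign transit change, same origin
    (2205, "203.0.113.0/24", [64500, 64666]),                # hijack: new origin, short path, 5 s later
]


@dataclass
class PrefixState:
    """What the pipeline remembers about one prefix between updates."""
    origin: Optional[int] = None
    path_len: int = 0
    seen_ases: Set[int] = field(default_factory=set)
    last_seen: Optional[float] = None
    recent: Deque[float] = field(default_factory=deque)  # announcement times inside the window


class PrefixMemory:
    """Stateful per-prefix history; turns one update into a feature vector."""

    def __init__(self, window_seconds: float = 3600.0):  # assumed window: one hour
        self.window = window_seconds
        self.state: Dict[str, PrefixState] = defaultdict(PrefixState)

    def features(self, ts: float, prefix: str, as_path: List[int]) -> Dict[str, float]:
        st = self.state[prefix]
        origin = as_path[-1]                 # origin AS; prepending keeps it last
        unique_ases = set(as_path)           # prepended ASes count once
        first_seen = st.origin is None       # cold start: nothing to compare against

        feats = {
            "first_seen": int(first_seen),
            "origin_changed": int(not first_seen and origin != st.origin),
            "path_len_delta": 0 if first_seen else len(as_path) - st.path_len,
            "new_as_count": 0 if first_seen else len(unique_ases - st.seen_ases),
            "secs_since_last": 0.0 if st.last_seen is None else ts - st.last_seen,
            "unique_as_count": len(unique_ases),
        }

        # Sliding window of announcement times -> frequency feature.
        st.recent.append(ts)
        while st.recent and ts - st.recent[0] > self.window:
            st.recent.popleft()
        feats["announcements_in_window"] = len(st.recent)

        # Update memory only after computing the features, so each update is
        # compared against history rather than against itself.
        st.origin = origin
        st.path_len = len(as_path)
        st.seen_ases |= unique_ases
        st.last_seen = ts
        return feats


def run_pipeline(updates=SAMPLE_UPDATES):
    """Feed updates through one PrefixMemory and return the feature rows in order."""
    mem = PrefixMemory()
    return [mem.features(ts, prefix, path) for ts, prefix, path in updates]


if __name__ == "__main__":
    for (ts, prefix, path), row in zip(SAMPLE_UPDATES, run_pipeline()):
        print(ts, prefix, path, row)
```

The third update (a transit AS swapped, same origin) yields `new_as_count=1` but `origin_changed=0`; the fourth yields `origin_changed=1`, `path_len_delta=-2`, `secs_since_last=5` and only two unique ASes. Downstream code should skip scoring rows with `first_seen=1`, since their features are all zero by construction, not because the update is normal.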
⸻
AI Model
- Algorithm: Isolation Forest
- Training: only normal routing patterns, so no hijack examples have to be labelled
- Detection: unsupervised anomaly detection; updates that the forest isolates in fewer splits than the training data score as anomalies
- Output: anomaly score (lower = more anomalous, following scikit-learn's decision_function, where negative values are flagged) + explanation
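Training the Isolation Forest on normal feature rows, scoring a hijack, and turning the result into the kind of alert the dashboard shows, as an added example for this page (not the project's ai_engine.py or main_engine.py). The training rows are constructed; the feature column order, thresholds in explain(), and the two probe rows are assumptions.

```python
import numpy as np
from sklearn.ensemble import IsolationForest

# Assumed column order; matches the features listed in this README.
FEATURE_NAMES = ["origin_changed", "path_len_delta", "new_as_count",
                 "secs_since_last", "announcements_last_hour", "unique_as_count"]

ANOMALY_THRESHOLD = 0.0  # sklearn: decision_function < 0 means "isolated faster than normal"


def make_normal_rows(n: int = 500, seed: int = 7) -> np.ndarray:
    """Constructed 'normal' feature rows (not real BGP data): stable origin, small
    path-length jitter, an occasional new transit AS, updates minutes to hours apart."""
    rng = np.random.default_rng(seed)
    return np.column_stack([
        np.zeros(n),                                  # origin never changes in normal traffic
        rng.choice([-1, 0, 0, 0, 1], size=n),         # path length jitter
        rng.choice([0, 0, 0, 0, 1], size=n),          # occasional new transit AS
        rng.uniform(60, 7200, size=n),                # seconds since last update
        rng.integers(1, 6, size=n),                   # announcements in the last hour
        rng.integers(3, 8, size=n),                   # unique ASes in the path
    ])


def train_model(rows: np.ndarray) -> IsolationForest:
    """Fit on normal rows only; contamination stays at 'auto' so the threshold is 0."""
    model = IsolationForest(n_estimators=200, random_state=42)
    model.fit(rows)
    return model


def score(model: IsolationForest, feats) -> float:
    """Anomaly score for one feature row; lower is more anomalous."""
    return float(model.decision_function(np.asarray([feats], dtype=float))[0])


def explain(feats) -> str:
    """Human-readable reason derived from the raw features, not from the model."""
    f = dict(zip(FEATURE_NAMES, feats))
    reasons = []
    if f["origin_changed"]:
        reasons.append("origin AS changed from the learned origin")
    if f["path_len_delta"] <= -2:
        reasons.append(f"AS path shortened by {int(-f['path_len_delta'])} hops")
    if f["new_as_count"] > 0:
        reasons.append(f"{int(f['new_as_count'])} AS(es) never seen for this prefix")
    if f["secs_since_last"] < 30:
        reasons.append("re-announced within 30 s of the previous update")
    if f["announcements_last_hour"] >= 20:
        reasons.append("announcement burst in the last hour")
    return "; ".join(reasons) or "no rule-based reason; review the score"


def assess(model: IsolationForest, feats) -> dict:
    """One dashboard row: score, verdict and reason."""
    s = score(model, feats)
    return {"score": round(s, 3), "anomaly": s < ANOMALY_THRESHOLD, "reason": explain(feats)}


# Constructed probe rows in FEATURE_NAMES order.
HIJACK = [1, -3, 1, 5.0, 40, 2]       # new origin, much shorter path, rapid re-announcements
TYPICAL = [0, 0, 0, 1800.0, 3, 5]     # a steady-state update

if __name__ == "__main__":
    model = train_model(make_normal_rows())
    for name, row in (("typical", TYPICAL), ("hijack", HIJACK)):
        print(name, assess(model, row))
```

Two caveats before trusting the score: scikit-learn's trees only split on features that vary in the training data, so a flag such as origin_changed that is always 0 in normal-only training contributes nothing to the score (the hijack above is isolated by its path-length, timing and frequency columns); and the score is relative to the training baseline, not to any notion of ownership, which is why the explanation is generated from the raw features in explain() rather than read off the model.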
⸻
Dashboard (SOC Style)
The dashboard shows:
- 🟢 Normal routing activity
- 🟠 Suspicious routing anomalies
- Timestamp of event
- AS path
- AI anomaly score
- Human-readable reason for alert
⸻
▶ How to Run
- Create virtual environment
python3 -m venv venv
source venv/bin/activate
- Install dependencies
pip install fastapi uvicorn scikit-learn numpy
- Start server
uvicorn api:app --reload
- Open dashboard
http://127.0.0.1:8000/dashboard
Click Simulate BGP Updates.
⸻
🗂️ Project Structure
ai_engine.py → AI model & training
prefix_memory.py → Stateful prefix history
feature_pipeline.py → Feature extraction logic
main_engine.py → Reason generation
api.py → FastAPI backend
templates/ → Monitoring dashboard
⸻
What Makes This Project Strong
This is not a CRUD app. This is a stateful network anomaly detection system.
It demonstrates:
- Understanding of BGP internals
- Designing streaming feature pipelines
- Applying unsupervised ML correctly
- Building monitoring infrastructure
- Translating raw AI output into actionable alerts
⸻
Simulation
The system simulates:
1. Normal routing behavior (a stable origin with ordinary path churn, which builds the per-prefix baseline)
2. A malicious route hijack (a different origin AS announcing the same prefix with a shorter path)
The dashboard clearly separates them.
⸻
Future Improvements
- Connect to live RIPE RIS / RouteViews stream
- Store prefix history in a database
- Add per-prefix investigation page
- Deploy on a cloud VM for real monitoring
Note that learned-behaviour detection complements RPKI origin validation rather than replacing it: a flagged origin change that also contradicts a published ROA is the strongest signal, while a change that a ROA authorizes is most likely a legitimate renumbering.
⸻
Author
Samiksha Tiwari
Computer Science Student | Systems + AI Enthusiast
