On August 14-16, 2024, in Philadelphia, Pennsylvania, USA, the 33rd USENIX Security Symposium was convened. The paper titled "Learning with Semantics: Towards a Semantics-Aware Routing Anomaly Detection System," co-authored by Prof. Qi Li and Prof. Zhuotao Liu from the Institute for Network Sciences and Cyberspace and Prof. Ke Xu, Prof. Mingwei Xu, and Prof. Jianping Wu from the Department of Computer Science and Technology, was bestowed with the Distinguished Paper Award and the Internet Defense Prize, simultaneously. Significantly, it was the sole recipient of the Internet Defense Prize. The paper's primary student author is Yihao Chen, a doctoral candidate under the supervision of Prof. Jianping Wu in the Department of Computer Science and Technology.

This marks an unprecedented achievement in the annals of the Internet Defense Prize, established by USENIXSecurity in 2014, as it is the first time that a research accomplishment completed by a Chinese research institution and its scholars has been so recognized. Furthermore, for the second consecutive year, the team of Prof. Qi Li and Prof. Zhuotao Liu from the Institute for Network Sciences and Cyberspace, and Prof. Ke Xu from the Department of Computer Science and Technology, has been honored with the Distinguished Paper Award at the USENIX Security Symposium.

The Internet Defense Prize Award

The Distinguished Paper Award

About the Award-Winning Paper

BGP is the de facto inter-domain routing protocol to ensure global connectivity of the Internet. However, various reasons, such as deliberate attacks or misconfigurations, could cause BGP routing anomalies. Traditional methods for BGP routing anomaly detection require significant manual investigation of routes by network operators. Although machine learning has been applied to automate the process,prior arts typically impose significant training overhead (such as large-scale data labeling and feature crafting), and only produce uninterpretable results. To address these limitations, this paper presents a routing anomaly detection system centering around a novel network representation learning model named BEAM. The core design of BEAM is to accurately learn the unique properties (defined as routing role) of each Autonomous System (AS) in the Internet by incorporating BGP semantics. As a result, routing anomaly detection, given BEAM, is reduced to a matter of discovering unexpected routing-role churns upon observing new route announcements. We implement a prototype of our routing anomaly detection system and extensively evaluate its performance. The experimental results, based on 18 real-world RouteViews datasets containing over 11 billion route announcement records, demonstrate that our system can detect all previously-confirmed routing anomalies, while only introducing at most five false alarms every 180 million route announcements. We also deploy our system in China Telecom’s core AS to perform real-world detection. The analysis results based on the latest one-month deployment indicate that our system detects 497 true anomalies in the wild with an average of only 1.65 false alarms per day.

About the USENIX Security Symposium

The USENIX Security Symposium is an annual conference that has been held since the early 1990s. It is considered one of the most prestigious conferences in the field of information security. The China Computer Federation recognizes the USENIX Security Symposium as a Class A international academic conference on information security. The 33rd USENIX Security Symposium was held in Philadelphia, PA, USA from August 14th to 16th, 2024.