Patent attributes
A system and method for detecting malicious hijack events in real-time is provided. The method may include receiving routing data associated with a Border Gateway Protocol (BGP) event from at least one BGP router. The method may further include generating a hijack detection model using a machine learning technique, such as Positive Unlabeled learning. The machine learning technique may include at least one data input and a probability output; wherein, the data input couples to receive a set of historically confirmed BGP hijacking data and the routing data, while the probability output transmits a probability value for the malicious event which may be calculated based upon the data input. Finally, the method may include classifying the BGP event as a malicious event or a benign event using the BGP hijack model and correcting routing tables that have been corrupted by a malicious event.