Patent attributes
Disclosed herein is an anomaly detection method for link-state routing protocols, a link-state routing protocol providing for link-state update (LSU) messages to be exchanged between nodes in a packet-based network, wherein each link-state update message includes link-state advertisement (LSA) message(s) each having a respective header. The method comprises monitoring the link-state advertisement messages exchanged in the network, extracting and forming respective feature vectors with the values in the fields of the headers of the monitored link-state advertisement messages, and detecting an anomaly related to routing based on the feature vectors. In particular, detecting an anomaly related to routing includes feeding the feature vectors to a machine learning system, conveniently a one-class classifier, preferably a one-class support vector machine (OC-SVM).