BGP Security Intelligence Platform – Feedback Requested
Hi all,

I’ve developed a tool called the BGP Security Intelligence Platform, which provides predictive routing-risk intelligence by analyzing origin-side ASN vulnerability and prefix-level structural risk across the global Internet.

The platform continuously collects and processes live BGP control-plane data, RPKI validation, IRR records, CAIDA AS relationships, and multi-source prefix visibility measurements. Using this, it produces a ranked list of high-risk ASN–prefix combinations, highlighting where malformed or malicious announcements are most likely to propagate in practice.

Key features and capabilities include:
- Global ASN origin-side vulnerability scoring
- Prefix structural risk analytics
- Combined ASN–prefix risk ranking with ML-based classification
- Real-world propagation and permissiveness modeling
- Continuous intelligence generation for operators and security teams
- Actionable outputs to prioritize filtering, mitigation, and routing-policy decisions

The full article and partial excerpts from the tool are available here: https://zenodo.org/records/18407267
DOI: https://doi.org/10.5281/zenodo.18407267

**Note:** The Zenodo upload **does not include the full tool code**, only selected excerpts. Some data and parts of the code are extremely sensitive and cannot be made public. I am happy to share additional details privately upon request. Also, all files are copyrighted.

I’m seeking feedback from experienced operators and engineers on:
1) Whether this tool would be useful in real-world BGP operations, does it have any value
2) Who in the community might benefit most from using it
3) Any suggestions for improvements or additional metrics to include (I was recommended to add ASPA and OTC in the future)

Thank you very much for your time and insights.

Best regards,
Bogdan Pantelimon
I started to read through some of your docs. Once I read that you believe as_path lengths 'influence credibility', and 'shorter, consistent paths propagate more effectively', I stopped.

On Wed, Jan 28, 2026 at 5:18 PM bogdancyber via NANOG <nanog@lists.nanog.org> wrote:
Hi all,
I’ve developed a tool called the BGP Security Intelligence Platform, which provides predictive routing-risk intelligence by analyzing origin-side ASN vulnerability and prefix-level structural risk across the global Internet.
The platform continuously collects and processes live BGP control-plane data, RPKI validation, IRR records, CAIDA AS relationships, and multi-source prefix visibility measurements. Using this, it produces a ranked list of high-risk ASN–prefix combinations, highlighting where malformed or malicious announcements are most likely to propagate in practice.
Key features and capabilities include:
- Global ASN origin-side vulnerability scoring
- Prefix structural risk analytics
- Combined ASN–prefix risk ranking with ML-based classification
- Real-world propagation and permissiveness modeling
- Continuous intelligence generation for operators and security teams
- Actionable outputs to prioritize filtering, mitigation, and routing-policy decisions
The full article and partial excerpts from the tool are available here: https://zenodo.org/records/18407267 DOI: https://doi.org/10.5281/zenodo.18407267
**Note:** The Zenodo upload **does not include the full tool code**, only selected excerpts. Some data and parts of the code are extremely sensitive and cannot be made public. I am happy to share additional details privately upon request. Also, all files are copyrighted.
I’m seeking feedback from experienced operators and engineers on:
1) Whether this tool would be useful in real-world BGP operations, does it have any value
2) Who in the community might benefit most from using it
3) Any suggestions for improvements or additional metrics to include (I was recommended to add ASPA and OTC in the future)
Thank you very much for your time and insights.
Best regards,
Bogdan Pantelimon
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/B4DSCOS5...
In my documents, I stated that “shorter, consistent AS_PATHs propagate more effectively” and that AS_PATH lengths influence route preference. To be precise:

BGP Route Selection and AS_PATH

According to RFC 4271, Section 9 (BGP Route Selection Process):

"Remove from consideration all routes that are not tied for having the smallest number of AS numbers present in their AS_PATH attributes"

This means that, when local preference, MED, origin type, and other selection criteria are equal, BGP will prefer the route with the shorter AS_PATH.

Clarification on “propagation” and “credibility”

I do not mean that AS_PATH length directly affects the credibility of the origin or guarantees propagation. It was a mistake in expression that I take responsibility for. Actual propagation is determined by operator filtering policies, RPKI/ROA validation, and peer relationships.

What I intended to highlight in the tool is that shorter AS_PATHs may indicate routes more likely to be selected internally within a network, which indirectly informs risk modeling of high-impact BGP hijacks.
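
The decision order discussed in this thread, as an added example (not code from the tool or from either poster): a simplified RFC 4271 section 9.1 best-path selection showing that AS_PATH length is consulted only among routes already tied on LOCAL_PREF, and that a route dropped by import policy never competes. The peer labels, ASNs and prefix are constructed from documentation ranges, and the simplifications are listed in the code comments.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}

@dataclass(frozen=True)
class Route:
    peer: str                 # hypothetical neighbor label
    local_pref: int
    as_path: tuple            # one element per ASN; an AS_SET is one frozenset element
    origin: str = "IGP"
    med: int = 0
    rpki: str = "not-found"   # "valid", "invalid" or "not-found"

# Selection order per RFC 4271 section 9.1; the lowest key wins each step.
# Simplifications: MED is compared across all neighbors, and the remaining
# steps (eBGP over iBGP, IGP cost, BGP identifier) collapse into the peer label.
STEPS = [
    ("LOCAL_PREF", lambda r: -r.local_pref),
    ("AS_PATH length", lambda r: len(r.as_path)),   # an AS_SET counts as 1
    ("ORIGIN", lambda r: ORIGIN_RANK[r.origin]),
    ("MED", lambda r: r.med),
    ("peer label", lambda r: r.peer),
]

def import_filter(routes, drop_rpki_invalid):
    """Import policy runs before selection; a dropped route never competes."""
    return [r for r in routes if not (drop_rpki_invalid and r.rpki == "invalid")]

def best_path(routes):
    """Return (winning route, name of the deciding step), or (None, None)."""
    candidates = list(routes)
    if not candidates:
        return None, None
    if len(candidates) == 1:
        return candidates[0], "only route"
    for name, key in STEPS:
        low = min(key(r) for r in candidates)
        candidates = [r for r in candidates if key(r) == low]
        if len(candidates) == 1:
            return candidates[0], name
    return candidates[0], "peer label"

def sample(short_pref):
    """Constructed announcements for 192.0.2.0/24 (documentation prefix and ASNs)."""
    legit = Route("customer", 200, (64500, 64501, 64496), rpki="valid")
    short = Route("peer", short_pref, (64510, 64511), rpki="invalid")
    return [legit, short]

if __name__ == "__main__":
    for pref, drop in [(100, False), (200, False), (200, True)]:
        winner, step = best_path(import_filter(sample(pref), drop))
        print(f"short-path LOCAL_PREF={pref} drop_invalid={drop}: {winner.peer} via {step}")
```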
participants (2)
- bogdancyber
- Tom Beecher