An efficient FPGA implementation of principle component analysis based network intrusion detection system

Authors: Abhishek Das, Sanchit Misra, Sumeet Joshi, Joseph Zambreno, Gokhan Memik

DOI: 10.1145/1403375.1403658

Keywords: Pattern matching, Field-programmable gate array, Real-time computing, Intrusion detection system, Throughput (business), Embedded system, False alarm, Anomaly detection, Principal component analysis, Computer science

Abstract: Modern Network Intrusion Detection Systems (NIDSs) use anomaly detection to capture malicious attacks. Since such connections are described by a large set of dimensions, processing these huge amounts of network data becomes extremely slow. To solve this time-efficiency problem, statistical methods like Principal Component Analysis (PCA) can be used to reduce the dimensionality of the data. In this paper, we design and implement an efficient FPGA architecture for PCA in NIDSs. Moreover, using representative intrusion traces, we show that our architecture correctly classifies attacks with rates exceeding 99.9% and false alarm rates as low as 1.95%. Our implementation on a Xilinx Virtex-II Pro platform provides a core throughput of up to 24.72 Gbps, clocking at a frequency of 96.56 MHz.

References (12)
Kanoksri Sarinnapakorn, Mei-Ling Shyu, Shu-Ching Chen, LiWu Chang, "A Novel Anomaly Detection Scheme Based on Principal Component Classifier", International Conference on Data Mining, pp. 172-179 (2003)
R. Sidhu, V.K. Prasanna, "Fast Regular Expression Matching Using FPGAs", Field-Programmable Custom Computing Machines, pp. 227-238 (2001), 10.1109/FCCM.2001.22
M. Fleury, B. Self, A. Downton, "A fine-grained parallel pipelined Karhunen-Loeve transform", International Parallel and Distributed Processing Symposium, pp. 264- (2003), 10.1109/IPDPS.2003.1213476
Haoyu Song, John W. Lockwood, "Efficient packet classification for network intrusion detection using FPGA", Proceedings of the 2005 ACM/SIGDA 13th International Symposium on Field-Programmable Gate Arrays (FPGA '05), pp. 238-245 (2005), 10.1145/1046192.1046223
S. Dharmapurikar, P. Krishnamurthy, T.S. Sproull, J.W. Lockwood, "Deep packet inspection using parallel bloom filters", IEEE Micro, vol. 24, pp. 52-61 (2004), 10.1109/MM.2004.1268997
N. Athanasiades, R. Abler, J. Levine, H. Owen, G. Riley, "Intrusion detection testing and benchmarking methodologies", First IEEE International Workshop on Information Assurance (IWIAS 2003), Proceedings, pp. 63-72 (2003), 10.1109/IWIAS.2003.1192459
Z.K. Baker, V.K. Prasanna, "Efficient hardware data mining with the Apriori algorithm on FPGAs", Field-Programmable Custom Computing Machines, pp. 3-12 (2005), 10.1109/FCCM.2005.31
M. Attig, J. Lockwood, "A framework for rule processing in reconfigurable network systems", Field-Programmable Custom Computing Machines, pp. 225-234 (2005), 10.1109/FCCM.2005.7
D.V. Schuehler, J. Moscola, J.W. Lockwood, "Architecture for a hardware-based, TCP/IP content-processing system", IEEE Micro, vol. 24, pp. 62-69 (2004), 10.1109/MM.2004.1269000