research-article

Automatic Synthesis of Efficient Intrusion Detection Systems on FPGAs

Authors:

Zachary K. Baker,

Viktor K. PrasannaAuthors Info & Claims

IEEE Transactions on Dependable and Secure Computing, Volume 3, Issue 4

Pages 289 - 300

https://doi.org/10.1109/TDSC.2006.44

Published: 01 October 2006 Publication History

Abstract

This paper presents a methodology and a tool for automatic synthesis of highly efficient intrusion detection systems using a high-level, graph-based partitioning methodology and tree-based lookahead architectures. Intrusion detection for network security is a compute-intensive application demanding high system performance. The tools implement and automate a customizable flow for the creation of efficient Field Programmable Gate Array (FPGA) architectures using system-level optimizations. Our methodology allows for customized performance through more efficient communication and extensive reuse of hardware components for dramatic increases in area-time performance.

References

[1]

Sourcefire, “Snort: The Open Source Network Intrusion Detection System,”

[2]

Hogwash Intrusion Detection System, 2004,

[3]

Proc. 12th Ann. IEEE Symp. Field Programmable Custom Computing Machines (FCCM '04), pp. 125-134, 2004.

[4]

L. Schaelicke, K. Wheeler, and C. Freeland, “SPANIDS: A Scalable Network Intrusion Detection Loadbalancer,” Proc. Computing Frontiers Conf., pp. 315-322, 2005.

Digital Library

[5]

Proc. 10th Ann. Field-Programmable Custom Computing Machines (FCCM '02), pp. 111-120, 2002.

[6]

M. Gokhale, D. Dubois, A. Dubois, M. Boorman, S. Poole, and V. Hogsett, “Granidt: Towards Gigabit Rate Network Intrusion Detection,” Proc. 13th Ann. ACM/SIGDA Int'l Conf. Field-Programmable Logic and Applications (FPL '03), pp. 404-413, 2003.

Digital Library

[7]

R. Sidhu, A. Mei, and V.K. Prasanna, “String Matching on Multicontext FPGAs Using Self-Reconfiguration,” Proc. Seventh Ann. ACM/SIGDA Int'l Symp. Field Programmable Gate Arrays (FPGA '99), pp. 217-226, 1999.

Digital Library

[8]

Proc. 12th Ann. IEEE Symp. Field Programmable Custom Computing Machines (FCCM '04), pp. 249-257, 2004.

[9]

Z.K. Baker and V.K. Prasanna, “Time and Area Efficient Pattern Matching on FPGAs,” Proc. 12th Ann. ACM Int'l Symp. Field-Programmable Gate Arrays (FPGA '04), pp. 223-232, 2004.

Digital Library

[10]

S. Dharmapurikar, P. Krishnamurthy, T. Sproull, and J. Lockwood, “Implementation of a Deep Packet Inspection Circuit Using Parallel Bloom Filters in Reconfigurable Hardware,” Proc. 11th Ann. IEEE Symp. High Performance Interconnects (HOTi '03), pp. 49-51, 2003.

[11]

C.R. Clark and D.E. Schimmel, “Efficient Reconfigurable Logic Circuits for Matching Complex Network Intrusion Detection Patterns,” Proc. 13th ACM/SIGDA Int'l Conf. Field-Programmable Logic and Applications (FPL '03), pp. 956-959, 2003.

[12]

Byoungro So, Mary W. Hall, Pedro C. Diniz, A compiler approach to fast hardware design space exploration in FPGA-based systems, ACM SIGPLAN Notices, v.37 n.5, May 2002

[13]

Proc. VLSI Design Conf., pp. 299-304, Jan. 2001.

[14]

Proc. Sixth Ann. IEEE Symp. Field Programmable Custom Computing Machines (FCCM '98), pp. 175-184, 1998.

[15]

Proc. 11th Ann. IEEE Symp. Field-Programmable Custom Computing Machines (FCCM '03), pp. 31-38, 2003.

[16]

Global Velocity,

[17]

Proc. 18th Ann. IEEE Int'l Parallel and Distributed Processing Symp. (IPDPS '04), pp. 202-210, 2004.

[18]

Proc. IEEE Conf. Rapid System Prototyping (RSP '00), pp. 194-199, June 2000.

[19]

C. Joit, S. Staniford, and J. McAlerney, “Towards Faster String Matching for Intrusion Detection,”

[20]

Robert S. Boyer, J. Strother Moore, A fast string searching algorithm, Communications of the ACM, v.20 n.10, p.762-772, Oct. 1977

Digital Library

[21]

Alfred V. Aho, Margaret J. Corasick, Efficient string matching: an aid to bibliographic search, Communications of the ACM, v.18 n.6, p.333-340, June 1975

Digital Library

[22]

R. Sidhu and V.K. Prasanna, “Fast Regular Expression Matching using FPGAs,” Proc. Ninth Ann. IEEE Symp. Field-Programmable Custom Computing Machines (FCCM '01), pp. 227-238, 2001.

Digital Library

[23]

Proc. 12th Ann. IEEE Symp. Field Programmable Custom Computing Machines (FCCM '04), pp. 135-144, 2004.

[24]

Y. Cho, S. Navab, and W. Mangione-Smith, “Specialized Hardware for Deep Network Packet Filtering,” Proc. 12th ACM/SIGDA Int'l Conf. Field-Programmable Logic and Applications (FPL '02), pp.452-461, 2002.

Digital Library

[25]

Proc. 12th Ann. IEEE Symp. Field Programmable Custom Computing Machines (FCCM '04), pp. 258-267, 2004.

[26]

I. Sourdis and D. Pnevmatikatos, “Fast, Large-Scale String Match for a 10Gbps FPGA-Based Network Intrusion Detection System,” Proc. 13th Ann. ACM/SIGDA Int'l Conf. Field-Programmable Logic and Applications (FPL '03), pp. 880-889, 2003.

[27]

D. Knuth, J. Morris, and V. Pratt, “Fast Pattern Matching in Strings,” SIAM J. Computing, pp. 323-350, 1977.

[28]

G. Karypis, R. Aggarwal, K. Schloegel, V. Kumar, and S. Shekhar, “METIS Family of Multilevel Partitioning Algorithms,”

[29]

Proc. 13th Ann. IEEE Symp. Field-Programmable Custom Computing Machines (FCCM '05), pp. 225-234, 2005.

[30]

Proc. 13th Ann. IEEE Symp. Field Programmable Custom Computing Machines (FCCM '05), pp.215-224, 2005.

[31]

Proc. 12th IEEE Int'l Conf. Network Protocols (ICNP), pp. 174-183, 2004.

[32]

Xilinx Inc., “Virtex II Pro Series FPGA Devices,”

[33]

Xilinx Inc., “ML-300 Development Board,”

Cited By

Morianos IGeorgopoulos KBrokalakis AKyriakakis TIoannidis S(2024)I2DS: FPGA-Based Deep Learning Industrial Intrusion Detection SystemEmbedded Computer Systems: Architectures, Modeling, and Simulation10.1007/978-3-031-78380-7_14(165-176)Online publication date: 30-Jun-2024
https://dl.acm.org/doi/10.1007/978-3-031-78380-7_14
Ravi NRamachandran G(2020)A robust intrusion detection system using machine learning techniques for MANETInternational Journal of Knowledge-based and Intelligent Engineering Systems10.3233/KES-20004724:3(253-260)Online publication date: 1-Jan-2020
https://dl.acm.org/doi/10.3233/KES-200047
Zhang XShao XProvelengios GDumpala NGao LTessier R(2020)CoNFVACM Transactions on Reconfigurable Technology and Systems10.1145/340911314:1(1-29)Online publication date: 18-Aug-2020
https://dl.acm.org/doi/10.1145/3409113
Show More Cited By

Index Terms

Automatic Synthesis of Efficient Intrusion Detection Systems on FPGAs

Recommendations

Packing Techniques for Virtex-5 FPGAs

Packing is a key step in the FPGA tool flow that straddles the boundaries between synthesis, technology mapping and placement. Packing strongly influences circuit speed, density, and power, and in this article, we consider packing in the commercial FPGA ...
Architecture-specific packing for virtex-5 FPGAs
FPGA '08: Proceedings of the 16th international ACM/SIGDA symposium on Field programmable gate arrays

We consider packing in the commercial FPGA context and examine the speed, performance and power trade-offs associated with packing in a state-of-the art FPGA -- the Xilinx Virtex-5 FPGA. Two aspects of packing are discussed: 1)packing for general logic ...
A Fast and Configurable Pattern Matching Hardware Architecture for Intrusion Detection
WKDD '09: Proceedings of the 2009 Second International Workshop on Knowledge Discovery and Data Mining

The current hardware architectures of intrusion detection system have several limitations on performance and configurability. In this paper we describe the architecture design and hardware implementation of gigabits NIDS using a programmable network ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image IEEE Transactions on Dependable and Secure Computing

IEEE Transactions on Dependable and Secure Computing Volume 3, Issue 4

October 2006

133 pages

ISSN:1545-5971

Issue’s Table of Contents

Copyright © 2006.

Publisher

IEEE Computer Society Press

Washington, DC, United States

Publication History

Published: 01 October 2006

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Morianos IGeorgopoulos KBrokalakis AKyriakakis TIoannidis S(2024)I2DS: FPGA-Based Deep Learning Industrial Intrusion Detection SystemEmbedded Computer Systems: Architectures, Modeling, and Simulation10.1007/978-3-031-78380-7_14(165-176)Online publication date: 30-Jun-2024
https://dl.acm.org/doi/10.1007/978-3-031-78380-7_14
Ravi NRamachandran G(2020)A robust intrusion detection system using machine learning techniques for MANETInternational Journal of Knowledge-based and Intelligent Engineering Systems10.3233/KES-20004724:3(253-260)Online publication date: 1-Jan-2020
https://dl.acm.org/doi/10.3233/KES-200047
Zhang XShao XProvelengios GDumpala NGao LTessier R(2020)CoNFVACM Transactions on Reconfigurable Technology and Systems10.1145/340911314:1(1-29)Online publication date: 18-Aug-2020
https://dl.acm.org/doi/10.1145/3409113
Wang CLi XChen PWang AZhou XYu H(2015)Heterogeneous cloud framework for big data genome sequencingIEEE/ACM Transactions on Computational Biology and Bioinformatics10.1109/TCBB.2014.235180012:1(166-178)Online publication date: 1-Jan-2015
https://dl.acm.org/doi/10.1109/TCBB.2014.2351800
Bande Serrano JPalancar J(2012)String alignment pre-detection using unique subsequences for FPGA-based network intrusion detectionComputer Communications10.1016/j.comcom.2011.12.00935:6(720-728)Online publication date: 1-Mar-2012
https://dl.acm.org/doi/10.1016/j.comcom.2011.12.009
Pao DLin WLiu B(2010)A memory-efficient pipelined implementation of the aho-corasick string-matching algorithmACM Transactions on Architecture and Code Optimization10.1145/1839667.18396727:2(1-27)Online publication date: 5-Oct-2010
https://dl.acm.org/doi/10.1145/1839667.1839672
Sourdis IPnevmatikatos DVassiliadis S(2008)Scalable multigigabit pattern matching for packet inspectionIEEE Transactions on Very Large Scale Integration (VLSI) Systems10.1109/TVLSI.2007.91203616:2(156-166)Online publication date: 1-Feb-2008
https://dl.acm.org/doi/10.1109/TVLSI.2007.912036

View Options

View options

Figures

Tables

Media

View Issue’s Table of Contents