Hardware Acceleration of Network Intrusion Detection System Using FPGA

This thesis presents new algorithms and hardware designs for Signature-based Network Intrusion Detection System (SB-NIDS) optimisation exploiting a hybrid hardwaresoftware co-designed embedded processing platform. The work describe concentrates on optimisation of a complete SB-NIDS Snort application software on a FPGA based hardware-software target rather than on the implementation of a single functional unit for hardware acceleration. Pattern Matching Hardware Accelerator (PMHA) based on Bloom filter was designed to optimise SB-NIDS performance for execution on a Xilinx MicroBlaze soft-core processor. The Bloom filter approach enables the potentially large number of network intrusion attack patterns to be efficiently represented and searched primarily using accesses to FPGA on-chip memory. The thesis demonstrates, the viability of hybrid hardware-software co-designed approach for SB-NIDS. Future work is required to investigate the effects of later generation FPGA technology and multi-core processors in order to clearly prove the benefits over conventional processor platforms for SB-NIDS. The strengths and weaknesses of the hardware accelerators and algorithms are analysed, and experimental results are examined to determine the effectiveness of the implementation. Experimental results confirm that the PMHA is capable of performing network packet analysis for gigabit rate network traffic. Experimental test results indicate that our SB-NIDS prototype implementation on relatively low clock rate embedded processing platform performance is approximately 1.7 times better than Snort executing on a general purpose processor on PC when comparing processor cycles rather than wall clock time

A Survey of Iris Recognition System

The uniqueness of iris texture makes it one of the reliable physiological biometric traits compare to the other biometric traits. In this paper, we investigate a different level of fusion approach in iris image. Although, a number of iris recognition methods has been proposed in recent years, however most of them focus on the feature extraction and classification method. Less number of method focuses on the information fusion of iris images. Fusion is believed to produce a better discrimination power in the feature space, thus we conduct an analysis to investigate which fusion level is able to produce the best result for iris recognition system. Experimental analysis using CASIA dataset shows feature level fusion produce 99% recognition accuracy. The verification analysis shows the best result is GAR = 95% at the FRR = 0.1

An investigation into the efficacy of URL content filtering systems

Content filters are used to restrict to restrict minors from accessing to online content deemed inappropriate. While much research and evaluation has been done on the efficiency of content filters, there is little in the way of empirical research as to their efficacy. The accessing of inappropriate material by minors, and the role content filtering systems can play in preventing the accessing of inappropriate material, is largely assumed with little or no evidence. This thesis investigates if a content filter implemented with the stated aim of restricting specific Internet content from high school students achieved the goal of stopping students from accessing the identified material. The case is of a high school in Western Australia where the logs of a proxy content filter that included all Internet traffic requested by students were examined to determine the efficacy of the content filter. Using text extraction and pattern matching techniques to look for evidence of access to restricted content within this study, the results demonstrate that the belief that content filtering systems reliably prevent access to restricted content is misplaced. in this study there is direct evidence of circumvention of the content filter. This is single case study in one school and as such, the results are not generalisable to all schools or even through subsequent systems that replaced the content filter examined in this study, but it does raise the issue of the ability of these content filter systems to restrict content from high school students. Further studies across multiple schools and more complex circumvention methods would be required to identify if circumvention of content filters is a widespread issue

A Review of Intrusion Detection System

Intrusion detection systems are systems that can detect any kind of malicious attacks, corrupted data or any kind of intrusion that can pose threat to our systems. In this paper a study of various types of intrusion detection system is done along with the aid of many research papers which have employed machine learning , DNA sequence ,pattern matching ,data mining as a technique for learning attacks and taking preventive actions when similar types of attacks are encountered in the future. Study of these papers have given a deep insight to further explore the related techniques in the field of Intrusion Detection Systems