Hardware Acceleration of Network Intrusion Detection System Using FPGA

This thesis presents new algorithms and hardware designs for Signature-based Network Intrusion Detection System (SB-NIDS) optimisation exploiting a hybrid hardwaresoftware co-designed embedded processing platform. The work describe concentrates on optimisation of a complete SB-NIDS Snort application software on a FPGA based hardware-software target rather than on the implementation of a single functional unit for hardware acceleration. Pattern Matching Hardware Accelerator (PMHA) based on Bloom filter was designed to optimise SB-NIDS performance for execution on a Xilinx MicroBlaze soft-core processor. The Bloom filter approach enables the potentially large number of network intrusion attack patterns to be efficiently represented and searched primarily using accesses to FPGA on-chip memory. The thesis demonstrates, the viability of hybrid hardware-software co-designed approach for SB-NIDS. Future work is required to investigate the effects of later generation FPGA technology and multi-core processors in order to clearly prove the benefits over conventional processor platforms for SB-NIDS. The strengths and weaknesses of the hardware accelerators and algorithms are analysed, and experimental results are examined to determine the effectiveness of the implementation. Experimental results confirm that the PMHA is capable of performing network packet analysis for gigabit rate network traffic. Experimental test results indicate that our SB-NIDS prototype implementation on relatively low clock rate embedded processing platform performance is approximately 1.7 times better than Snort executing on a general purpose processor on PC when comparing processor cycles rather than wall clock time

Sistema concurrente de detección de intrusiones con correlación de alertas en entornos distribuidos

Los escenarios típicos de un NIDS suelen ser redes de tamaño muy variado, desde domésticas hasta de grandes empresas. Pero también hay propuestas para adaptarlos a la computación en la nube. Al ser este tipo de computación un paradigma bastante reciente presenta riesgos de seguridad que creemos que pueden ser reducidos con un NIDS. El sistema de detección de intrusos propuesto en el presente documento propone una serie de medidas para adaptar un NIDS a un entorno de computación en la nube y, motivados por dos carencias que podría presentar esta propuesta, se proponen dos mejoras, la primera de ellas será la mejora de velocidad de análisis mediante el uso de paralelismo tanto a nivel GPU como CPU y la segunda será añadirle un sistema de correlación de alertas. Como método para conseguir estos objetivos se han evaluado diferentes vías que se desarrollan a lo largo de este documento. OpenStack permitirá desplegar un sistema de computación en la nube sobre uno o varios nodos físicos, CUDA y OpenMP hacer uso de paralelismo a nivel de GPU y CPU, y la logica difusa etiquetar las alertas en cada uno de los tipos de ataque. Como líneas de investigación futuras quedaría el desarrollo de un algoritmo de ordenación que explote el paralelismo a nivel de CPU y optimizar la correlación de alertas. [ABSTRACT] Typical scenarios of a NIDS usually are varied sized networks, from domestic to large companies. But there are also proposals to adapt it to the cloud computing. Since this kind of computing paradigm presents fairly recent security risks, we believe may be reduced with NIDS. The intrusion detection system proposed in this document proposes a series of measures to adapt a NIDS to an environment of cloud computing and motivated by two shortcomings that could present, this proposal proposes two improvements, the first of which will improve analysis speed by using parallelism at CPU and GPU and the second generate a system alert correlation. As a method for achieving these goals are assessed different ways that develop throughout this document. OpenStack will help us to deploy a cloud computing on one or more physical nodes, CUDA and OpenMP will help us to use parallelism at GPU and CPU level, and fuzzy logic will help us to label each attack. As future research lines would be the development of a sorting algorithm that exploits parallelism and optimize CPU level alert correlation

Applied Metaheuristic Computing

For decades, Applied Metaheuristic Computing (AMC) has been a prevailing optimization technique for tackling perplexing engineering and business problems, such as scheduling, routing, ordering, bin packing, assignment, facility layout planning, among others. This is partly because the classic exact methods are constrained with prior assumptions, and partly due to the heuristics being problem-dependent and lacking generalization. AMC, on the contrary, guides the course of low-level heuristics to search beyond the local optimality, which impairs the capability of traditional computation methods. This topic series has collected quality papers proposing cutting-edge methodology and innovative applications which drive the advances of AMC

Department of Defense Dictionary of Military and Associated Terms

The Joint Publication 1-02, Department of Defense Dictionary of Military and Associated Terms sets forth standard US military and associated terminology to encompass the joint activity of the Armed Forces of the United States. These military and associated terms, together with their definitions, constitute approved Department of Defense (DOD) terminology for general use by all DOD components

Applied Methuerstic computing

For decades, Applied Metaheuristic Computing (AMC) has been a prevailing optimization technique for tackling perplexing engineering and business problems, such as scheduling, routing, ordering, bin packing, assignment, facility layout planning, among others. This is partly because the classic exact methods are constrained with prior assumptions, and partly due to the heuristics being problem-dependent and lacking generalization. AMC, on the contrary, guides the course of low-level heuristics to search beyond the local optimality, which impairs the capability of traditional computation methods. This topic series has collected quality papers proposing cutting-edge methodology and innovative applications which drive the advances of AMC