Distributed IDS using Reconfigurable Hardware

With the rapid growth of computer networks and network infrastructure, and the increasing dependence on the Internet for day-to-day activities, it is imperative that the components of these systems be secured. In the last few years a number of intrusion detection systems (IDS) have been developed as network security tools, and considerable progress has been made in string matching, header processing and network-level detection of DoS attacks. In this paper we propose the architecture of a distributed intrusion detection system (DIDS) for use in high-speed networks. The proposed DIDS has a host IDS component at each host that combines the functionalities mentioned above, and a central IDS component that performs more sophisticated processing to detect signs of distributed attacks against the entire network and pushes updated rules to each host component. At the link speeds targeted here it is essential to use hardware, or software with hardware accelerators; the proposed DIDS is therefore custom hardware implemented on field programmable gate arrays (FPGAs), which allows a higher degree of parallelism than is possible in software at a reasonable cost. The nature of future attacks on the Internet's infrastructure is difficult to predict, and the partial reconfigurability of FPGAs allows the detection logic and rules to be updated in place as new threats appear.
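The host/central split described above, as an added software model that is not part of the paper (the paper's design is FPGA hardware; this Python is only an illustration of the control flow). Each HostIDS does the per-host work the abstract lists (header checks, payload string matching, a per-source flood counter) and emits alerts; the CentralIDS correlates alerts across hosts, declares a source a distributed attacker once it has triggered alerts on several hosts, and pushes a rule update to every host. The signatures, thresholds, host names, addresses and traffic are all constructed for the example.

```python
"""Software model of a two-tier DIDS: per-host sensors plus a central correlator.

Added illustration; the thresholds, signatures and traffic below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str          # source address (header field)
    dst_host: str     # name of the host whose sensor sees the packet
    dport: int        # destination port (header field)
    payload: bytes    # application payload inspected by string matching


@dataclass(frozen=True)
class Alert:
    host: str   # sensor that raised the alert
    rule: str   # rule name that fired
    src: str    # offending source address


class HostIDS:
    """Per-host component: header rules, payload string matching, local flood check."""

    def __init__(self, name, signatures, flood_threshold=20):
        self.name = name
        self.signatures = dict(signatures)   # rule name -> byte pattern
        self.blocked_srcs = set()            # header rule pushed down by the central IDS
        self.flood_threshold = flood_threshold
        self.per_src_count = defaultdict(int)
        self.alerts = []

    def update_rules(self, signatures=None, blocked_srcs=None):
        """Rule update from the central component (new patterns and/or blocked sources)."""
        if signatures:
            self.signatures.update(signatures)
        if blocked_srcs:
            self.blocked_srcs.update(blocked_srcs)

    def inspect(self, pkt):
        """Inspect one packet; return the alerts it raised (empty list if clean)."""
        raised = []
        # header processing: source already flagged network-wide
        if pkt.src in self.blocked_srcs:
            raised.append(Alert(self.name, "blocked-src", pkt.src))
        # string matching over the payload
        for rule, pattern in self.signatures.items():
            if pattern in pkt.payload:
                raised.append(Alert(self.name, rule, pkt.src))
        # local DoS check: alert once when a source crosses the packet-rate threshold
        self.per_src_count[pkt.src] += 1
        if self.per_src_count[pkt.src] == self.flood_threshold:
            raised.append(Alert(self.name, "flood", pkt.src))
        self.alerts.extend(raised)
        return raised


class CentralIDS:
    """Central component: correlates host alerts and pushes rule updates to every host."""

    def __init__(self, hosts, min_hosts=3):
        self.hosts = {h.name: h for h in hosts}
        self.min_hosts = min_hosts            # hosts a source must hit to count as distributed
        self.src_hosts = defaultdict(set)     # source -> hosts that alerted on it
        self.distributed = []                 # sources confirmed as distributed attackers

    def ingest(self, alerts):
        """Correlate alerts; on a distributed pattern, block the source on all hosts."""
        for a in alerts:
            self.src_hosts[a.src].add(a.host)
            if len(self.src_hosts[a.src]) >= self.min_hosts and a.src not in self.distributed:
                self.distributed.append(a.src)
                self.push_rules(blocked_srcs={a.src})

    def push_rules(self, signatures=None, blocked_srcs=None):
        for h in self.hosts.values():
            h.update_rules(signatures, blocked_srcs)


def run_scenario():
    """Constructed scenario: one source probes three hosts, then is caught at the fourth."""
    sigs = {"cmd-exec": b"/bin/sh", "dir-trav": b"../.."}
    hosts = [HostIDS(f"h{i}", sigs) for i in range(4)]
    central = CentralIDS(hosts, min_hosts=3)
    traffic = [
        Packet("10.0.0.9", "h0", 80, b"GET /../../etc/passwd"),
        Packet("192.168.1.5", "h1", 80, b"GET /index.html"),
        Packet("10.0.0.9", "h1", 80, b"GET /../../etc/passwd"),
        Packet("10.0.0.9", "h2", 80, b"GET /../../etc/passwd"),
        # benign payload, but by now the source is blocked network-wide
        Packet("10.0.0.9", "h3", 22, b"SSH-2.0-probe"),
    ]
    for pkt in traffic:
        central.ingest(central.hosts[pkt.dst_host].inspect(pkt))
    return central, hosts


if __name__ == "__main__":
    central, hosts = run_scenario()
    print("distributed attackers:", central.distributed)
    for h in hosts:
        print(h.name, [a.rule for a in h.alerts], "blocked:", sorted(h.blocked_srcs))
```

The point of the model is the division of labour: hosts only see their own traffic, so no single sensor can tell a one-off exploit attempt from a sweep; the central component has the cross-host view and is the only place a rule update originates. In the hardware design this update path is what partial reconfiguration of the host FPGAs would carry.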
