Towards an Energy-Efficient Anomaly-Based Intrusion Detection Engine for Embedded Systems

A significant part of all network accesses now comes from embedded and battery-powered devices, which must be energy efficient. This paper demonstrates that a hardware (HW) implementation of network security algorithms can significantly reduce their energy consumption compared to an equivalent software (SW) version. The paper has four main contributions: (i) a new feature extraction algorithm, with low processing demands and suitable for hardware implementation; (ii) a feature selection method with two objectives, accuracy and energy consumption; (iii) detailed energy measurements of the feature extraction engine and three machine learning (ML) classifiers implemented in SW and HW: Decision Tree (DT), Naive-Bayes (NB), and k-Nearest Neighbors (kNN); and (iv) a detailed analysis of the tradeoffs in implementing the feature extractor and ML classifiers in SW and HW. The new feature extractor demands significantly less computational power, memory, and energy. Its SW implementation consumes only 22 percent of the energy used by a commercial product and its HW implementation only 12 percent. The dual-objective feature selection enabled an energy saving of up to 93 percent. Comparing the most energy-efficient SW implementation (new extractor and DT classifier) with an equivalent HW implementation, the HW version consumes only 5.7 percent of the energy used by the SW version.
