FPGA based intrusion detection system against unknown and known attacks

  • Authors:

  • Dong-Ho Kang;Byoung-Koo Kim;Jin-Tae Oh;Taek-Yong Nam;Jong-Soo Jang

  • Affiliations:

  • Electronics and Telecommunications Research Institute, Information Security Research Division, Korea;Electronics and Telecommunications Research Institute, Information Security Research Division, Korea;Electronics and Telecommunications Research Institute, Information Security Research Division, Korea;Electronics and Telecommunications Research Institute, Information Security Research Division, Korea;Electronics and Telecommunications Research Institute, Information Security Research Division, Korea

  • Venue:
  • PRIMA'06 Proceedings of the 9th Pacific Rim international conference on Agent Computing and Multi-Agent Systems
  • Year:
  • 2006

Quantified Score

Hi-index 0.00

Visualization

Abstract

Network intrusion detection systems often rely on matching patterns that are gleaned from known attacks. While this method is reliable and rarely produces false alarms, it has the obvious disadvantage that it cannot detect novel attacks. Accordingly, an alternative approach which can be a combination with pattern matching approach is needed. We have made effort to design and implement high speed protocol anomaly and signature based intrusion detection approach to detect known and unknown attacks. This approach extracts a set of service fields from the application payload where many attacks occur and analyzes the value of fields to verify attack. This approach is implemented on the FPGA (Xilinx Virtex II pro) device to process packet at gigabit-per-second data rates.