network intrusion detection using neural networks on fpga
play

Network Intrusion Detection Using Neural Networks on FPGA SoCs - PowerPoint PPT Presentation

Oct 02, 2023 •842 likes •936 views

Network Intrusion Detection Using Neural Networks on FPGA SoCs Lenos Ioannou and Suhaib A. Fahmy School of Engineering, University of Warwick, UK Introduction Mainstream approaches in intrusion detection do not scale well to the embedded

  1. Network Intrusion Detection Using Neural Networks on FPGA SoCs Lenos Ioannou and Suhaib A. Fahmy School of Engineering, University of Warwick, UK

  2. Introduction • Mainstream approaches in intrusion detection do not scale well to the embedded domain, mainly due to computational complexity • Limited computing power at the nodes, not intended for significant security mechanisms • More lightweight security mechanisms required, adaptable to updates • Explore the use Neural Networks as a more lightweight Network Intrusion Detection approach

  3. Intrusion Detection Neural Network • NSL-KDD dataset: • Used 29 of the 41 features of each record (3 in categorical form) • 110 inputs after one-hot encoding • Trained a NN with 110-21-2, similar to that in [1], with Tensorflow [2] • Obtaining at best: Test set classification results • 96.02% accuracy on the train set • 80.52% accuracy on the test set

  4. HLS Implementation • Vivado High Level Synthesis 2016.4, targeting a Xilinx Zynq Z-7020 • Use of memories as Look-Up-Tables, inputs restored to 29 • Use of floating point IEEE-754 to support coefficient updates • Configurable weights and biases through AXI-Lite (2375) : 2.3ms • Timing results: • Resource utilization:

  5. FPGA System-Implemented System • Execution time-Test set: • Detection rate (IPv4 min-576B):

  6. Conclusion • Network Intrusion Detection NN with moderate complexity • Flexible accelerator that adapts to newly trained weights dynamically • Offers fast detection rate, within a single packet Future work • Explore different and alternative network topologies • Extend our approach to other datasets • Explore approaches that reduce latency

  7. References [1] B. Ingre and A. Yadav. Performance analysis of NSL-KDD dataset using ANN. In Proc. International Conference on Signal Processing and Communication Engineering Systems, pages 92–96, 2015. [2] Martin Abadi et al. TensorFlow: Large-scale machine learning on heterogeneous systems, 2015. [3] M. Idhammad, K. Afdel, and M. Belouch, “DoS detection method based on artificial neural networks,” International Journal of Advanced Computer Science and Applications, vol. 8, no. 4, 2017. [4] Mahbod Tavallaee, Ebrahim Bagheri, Wei Lu, and Ali A. Ghorbani. A detailed analysis of the KDD CUP 99 data set. In Proc. IEEE International Conference on Computational Intelligence for Security and Defense Applications, pages 53–58, 2009.

Recommend

Efficient Packet Classification for Intrusion Detection Using FPGA Haoyu Song, John W. Lockwood

Efficient Packet Classification for Intrusion Detection Using FPGA Haoyu Song, John W. Lockwood

Efficient Packet Classification for Intrusion Detection Using FPGA Haoyu Song, John W. Lockwood Applied Research Lab : Reconfigurable Network Group Department of Computer Science and Engineering

214 views • 9 slides
Cyber Intrusion Detection by Using Deep Neural Networks with Attack-sharing Loss IEEE DataCom

Cyber Intrusion Detection by Using Deep Neural Networks with Attack-sharing Loss IEEE DataCom

Cyber Intrusion Detection by Using Deep Neural Networks with Attack-sharing Loss IEEE DataCom 19 Boxiang Dong 1 Hui (Wendy) Wang 2 Aparna S. Varde 1 Dawei Li 1 Bharath K. Samanthula 1 Weifeng Sun 3 Liang Zhao 3 1 Montclair State University

476 views • 24 slides
Design and implementation of an intrusion detection system (IDS) for in-vehicle networks

Design and implementation of an intrusion detection system (IDS) for in-vehicle networks

Design and implementation of an intrusion detection system (IDS) for in-vehicle networks Presented by: Nors Salman Credits to my thesis partner: Marco Bresch Brief background: in-vehicle networks Controller Area Network (CAN) MOST

425 views • 23 slides
An introduction to FPGA-based acceleration of neural networks Marco Pagani 1 What is an FPGA?

An introduction to FPGA-based acceleration of neural networks Marco Pagani 1 What is an FPGA?

An introduction to FPGA-based acceleration of neural networks Marco Pagani 1 What is an FPGA? Field-programmable gate array (FPGA) are integrated circuits designed to be con fi gured after manufacturing for implementing arbitrary logic

429 views • 15 slides
Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 11 Page 1 CS 236 Online Outline Introduction Characteristics of intrusion detection systems Some sample intrusion detection

143 views • 12 slides
Optimising the resource utilisation in high-speed network intrusion detection systems. Gerald

Optimising the resource utilisation in high-speed network intrusion detection systems. Gerald

Optimising the resource utilisation in high-speed network intrusion detection systems. Gerald Tripp www.kent.ac.uk Network intrusion detection Network intrusion detection systems are provided to detect the presence of various security

260 views • 12 slides
Network Intrusion Detection & Forensics with Bro Matthias Vallentin vallentin@berkeley.edu

Network Intrusion Detection & Forensics with Bro Matthias Vallentin vallentin@berkeley.edu

Network Intrusion Detection & Forensics with Bro Matthias Vallentin vallentin@berkeley.edu BERKE1337 March 3, 2016 Outline 1. Intrusion Detection 101 2. Bro 3. Network Forensics Exercises 1 / 29 Detection vs. Blocking Intrusion

432 views • 32 slides
Neural Network Overlay Using FPGA DSP Blocks Lenos Ioannou and Suhaib A. Fahmy School of

Neural Network Overlay Using FPGA DSP Blocks Lenos Ioannou and Suhaib A. Fahmy School of

Neural Network Overlay Using FPGA DSP Blocks Lenos Ioannou and Suhaib A. Fahmy School of Engineering, University of Warwick, UK Introduction Long back-end tool compilation hinders rapid deployment of Neural Networks on FPGAs at the edge

96 views • 7 slides
Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural

Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural

Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks Objective The dataset Ranking the significance of inputs The Algorithms Performance metrics for support vector machines

802 views • 38 slides
Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots

Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots

ITS335 Intrusion Detection Intruders Intrusion Detection Host-Based Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots Summary Sirindhorn International Institute of Technology Thammasat University

585 views • 30 slides
Evading Network Anomaly Detection Sytems - Fogla,Lee Divya Muthukumaran Intrusion detection

Evading Network Anomaly Detection Sytems - Fogla,Lee Divya Muthukumaran Intrusion detection

Evading Network Anomaly Detection Sytems - Fogla,Lee Divya Muthukumaran Intrusion detection Systems Signature Based IDS Monitor packets on the network Compare them against database of signatures/attributes from known threats

476 views • 26 slides
Network Traffic Analysis and Intrusion Detection using Packet Sniffer Guanqun Wang Supervisor:

Network Traffic Analysis and Intrusion Detection using Packet Sniffer Guanqun Wang Supervisor:

Network Traffic Analysis and Intrusion Detection using Packet Sniffer Guanqun Wang Supervisor: Prof. Nirmalya Roy Introduction The paper is from 2010 Second International Conference on Communication Software and Networks; Basic

517 views • 15 slides
A NEW HOD BASED INTRUSION DETECTION SYSTEM FOR WIRELESS SENSOR NETWORK IK2206: Internet Security

A NEW HOD BASED INTRUSION DETECTION SYSTEM FOR WIRELESS SENSOR NETWORK IK2206: Internet Security

A NEW HOD BASED INTRUSION DETECTION SYSTEM FOR WIRELESS SENSOR NETWORK IK2206: Internet Security and Privacy Sumanta Saha Md. Safiqul Islam Md. Sakhawat Hossen W IRELESS A D H OC N ETWORK Wireless ad hoc networks are autonomous nodes that

372 views • 15 slides
Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be bad Anomaly intrusion detection Try to detect deviations from normal behavior Specification intrusion detection Try to detect

627 views • 15 slides
Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Architecture of an IDS Organization Incident Response Slide #22-1 FEARLESS engineering Principles of Intrusion Detection

744 views • 40 slides
Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Organization Incident Response June 2, 2005 ECS 235, Computer and Information Slide #1 Security Principles of

1.38k views • 104 slides
Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and

Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and

Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and Mohammad Zulkernine School of Computing Queens University, Kingston Ontario, Canada K7L 3N6 {zhang, mzulker} @cs.queensu.ca Abstract- Anomaly

284 views • 6 slides
Network Security: Intrusion Detection Seungwon Shin, KAIST most slides from Dr. Guofei Gu Some

Network Security: Intrusion Detection Seungwon Shin, KAIST most slides from Dr. Guofei Gu Some

Network Security: Intrusion Detection Seungwon Shin, KAIST most slides from Dr. Guofei Gu Some Definition Intrusion A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability, of a computing and

814 views • 29 slides
Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion Detection Systems Tripwire Snort 2 IDS (Definition) Intrusion Detection is the process of monitoring the events occurring in a computer

571 views • 30 slides
Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection solution is impossible Good behavior on one system is bad behavior on another Behaviors change and new vulnerabilities are discovered

700 views • 23 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236 systems Computer Software Some sample intrusion detection March 12, 2007 systems Lecture 14 Lecture 14 Page 1 Page 2 CS 236, Winter 2007

537 views • 10 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239 systems Computer Software Some sample intrusion detection March 9, 2005 systems Lecture 15 Lecture 15 Page 1 Page 2 CS 239, Winter 2005

602 views • 12 slides
Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative

Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative

Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative submittal instructions submittal instructions answer the lab assignments questions in written report form, as a text, pdf, or Word document

504 views • 21 slides
Outline Intrusion detection systems Malware and the network CSci 5271 Announcements

Outline Intrusion detection systems Malware and the network CSci 5271 Announcements

Outline Intrusion detection systems Malware and the network CSci 5271 Announcements intermission Introduction to Computer Security Middlebox, malware, anonymity combined slides Denial of service and the network Anonymous communications

253 views • 11 slides

More recommend