Tools for Analyzing Signature-Based Hardware Solutions for Cyber Security Systems

Authors

  • Serhii Ya. Hilgurt, Department of Mathematical and Econometric Modelling, G.E. Pukhov Institute for Modelling in Energy Engineering of the National Academy of Sciences of Ukraine, Ukraine
  • Anatolii M. Davydenko, Department of Mathematical and Econometric Modelling, G.E. Pukhov Institute for Modelling in Energy Engineering of the National Academy of Sciences of Ukraine, Ukraine
  • Tetyana V. Matovka, Department of Finance and Banking, Uzhhorod National University, Ukraine
  • Mykhailo P. Prygara, Department of Machine Industry Technology, Uzhhorod National University, Ukraine

DOI:

https://doi.org/10.13052/jcsm2245-1439.123.5

Keywords:

Signature-based cybersecurity system, multi-pattern matching, FPGA, NIDS, qualitative and quantitative analysis

Abstract

When creating signature-based cybersecurity systems for network intrusion detection (NIDS), spam filtering, protection against viruses, worms, etc., developers have to use hardware devices such as field programmable gate arrays (FPGAs), since software solutions can no longer sustain the necessary speeds. There are many different approaches to building hardware circuits for pattern matching (where patterns are the parts of signatures). Choosing the optimal technical solution for given conditions is not a trivial task, and developers of such hardware tend to act intuitively and heuristically. In this article, we provide tools to help them build cybersecurity systems on FPGAs in an informed way. For the qualitative analysis of FPGA-based matching schemes, a classification of efficiency criteria and related indicators is considered. This classification was compiled by studying a large number of practical developments of FPGA-based cybersecurity systems, primarily NIDS. As a quantitative assessment tool, a method for rapidly calculating the numerical characteristics of the components of an FPGA-based signature system is proposed. This method, based on so-called estimation functions, avoids the time-consuming digital circuit synthesis procedure. A number of experiments were carried out with the most promising matching schemes to evaluate the above-mentioned tools. The rapid quantification method is fast enough that developers of hardware-accelerated cybersecurity systems can apply it at each iteration of an optimization cycle.

Author Biographies

Serhii Ya. Hilgurt, Department of Mathematical and Econometric Modelling, G.E. Pukhov Institute for Modelling in Energy Engineering of the National Academy of Sciences of Ukraine, Ukraine

Sergii Ya. Hilgurt has been a Senior Researcher at the Pukhov Institute for Modelling in Energy Engineering (PIMEE) of NAS of Ukraine since 1992. He received his PhD in “Computing machines, complexes, systems and networks” from the graduate school of the Institute for Modelling in Energy Engineering, Kyiv, Ukraine, in 1990. From 1994 to 2008 he worked part-time at the oil-pipeline automation company GERAX. From 2000 to 2004 he studied in the doctoral programme of PIMEE. In 2015 he was awarded the scientific title of Senior Researcher in “Computer systems and parts”. He received the degree of Doctor of Technical Sciences in “information protection systems” from the specialized scientific council of PIMEE in 2021. He is the author of three books, two preprints, five inventions, and 85 articles. His research interests include factory automation, HPC, FPGA-based network security systems and cybersecurity of critical cyber-physical systems.

Anatolii M. Davydenko, Department of Mathematical and Econometric Modelling, G.E. Pukhov Institute for Modelling in Energy Engineering of the National Academy of Sciences of Ukraine, Ukraine

Anatolii M. Davydenko has been a Leading Researcher at the Pukhov Institute for Modelling in Energy Engineering of NAS of Ukraine since 1992. He received his PhD in “Elements and devices of computer technology” from the graduate school of the Institute for Modelling in Energy Engineering, Kyiv, Ukraine, in 1990. In 1995–1996 he worked in the Main Department of Civil Service under the Cabinet of Ministers of Ukraine. From 1996 to 2000 he studied in the doctoral programme of PIMEE. In 2001 he was awarded the scientific title of Senior Researcher in “Progressive Information Technologies”. He received the degree of Doctor of Technical Sciences in “Information Security Systems” from the specialized scientific council of PIMEE in 2021. He is the author of 5 books and tutorials, 7 inventions, and more than 100 articles. His research interests include mathematical modelling and analysis of information threats in automated systems, examination of software and hardware subsystems of information protection systems, and artificial intelligence methods of information security.

Tetyana V. Matovka, Department of Finance and Banking, Uzhhorod National University, Ukraine

Tetyana V. Matovka received a master’s degree in banking from Uzhhorod National University in 2008. In 2017, she obtained a PhD degree at Mukachevo State University. She currently works as an associate professor at the Department of Finance and Banking, Uzhhorod National University, Ukraine. She is the co-author of two collective monographs and more than 15 articles in both domestic and international publications. Her research interests include the development and security of banking technologies.

Mykhailo P. Prygara, Department of Machine Industry Technology, Uzhhorod National University, Ukraine

Mykhailo P. Prygara graduated from the Kyiv National University of Construction and Architecture with a major in information management systems and technologies in 2010. He obtained a PhD degree at the National Aviation University, Kyiv, Ukraine, in 2018. He is the co-author of a collective monograph and more than 10 articles in domestic and foreign publications. His research interests include the development and security of e-democracy systems.

Published

2023-05-18

How to Cite

Hilgurt SY, Davydenko AM, Matovka TV, Prygara MP. Tools for Analyzing Signature-Based Hardware Solutions for Cyber Security Systems. JCSANDM [Internet]. 2023 May 18 [cited 2023 Jun. 10];12(03):339–366. Available from: https://journals.riverpublishers.com/index.php/JCSANDM/article/view/18861

Section

Assurance of Information Systems’ Quality and Security