Tools for Analyzing Signature-Based Hardware Solutions for Cyber Security Systems
DOI:
https://doi.org/10.13052/jcsm2245-1439.123.5
Keywords:
Signature-based cybersecurity system, multi-pattern matching, FPGA, NIDS, qualitative and quantitative analysis
Abstract
When creating signature-based cybersecurity systems for network intrusion detection (NIDS), spam filtering, protection against viruses, worms, etc., developers have to use hardware devices such as field-programmable gate arrays (FPGAs), since software solutions can no longer support the necessary speeds. There are many different approaches to building hardware circuits for pattern matching (where patterns are parts of signatures). Choosing the optimal technical solution for given conditions is not a trivial task, and developers of such hardware tend to act intuitively and heuristically. In this article, we provide tools to help them build cybersecurity systems using FPGAs intelligently. For the qualitative analysis of FPGA-based matching schemes, a classification of efficiency criteria and related indicators is considered. This classification was compiled by studying a large number of practical developments of FPGA-based cybersecurity systems, primarily NIDS. As a quantitative assessment tool, a method for rapidly calculating the numerical characteristics of the components of an FPGA-based signature system is proposed. This method, based on so-called estimation functions, avoids the time-consuming digital circuit synthesis procedure. A number of experiments were carried out with the most promising matching schemes to evaluate the above-mentioned tools. The rapid quantification method can even be applied by developers of hardware-accelerated cybersecurity systems at each iteration within the optimization procedure cycle.
License
Copyright (c) 2023 Journal of Cyber Security and Mobility
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.