Summary: | This paper proposes an FPGA-based network intrusion detection system for the IEC 61850-based industrial network that is specially designed for substation automation. The proposed system uses the Shift-And algorithm for detecting malicious network packets within IEC 61850 messages. To implement a complex rule matching module with a limited memory size of FPGA, a specially designed rule matching module was proposed in this paper. For feasibility evaluation, a prototype with 265 regular expression matching modules was implemented using Xilinx Zynq-7030 FPGA and its performance is presented in this paper. Keywords: Network intrusion detection system (NIDS), IEC 61850, Regular expression, Substation automation, FPGA
|