Using Decision Trees to Improve Resource Utilization on FPGA-based Network Intrusion Detection System

• Main Authors: Ya-Ti Wei, 魏雅笛
• Other Authors: Yi-Ming Chen
• Format: Others
• Language: zh-TW
• Published: 2009
• Online Access: http://ndltd.ncl.edu.tw/handle/89652649266820124688

碩士 === 國立中央大學 === 資訊管理研究所 === 97 === As network services become more and more important in our society, the demand for network security systems is increasing. Network intrusion detection systems (NIDS) provide an effective and secure solution to the network attacks and are widely used in enterprises. Many NIDSs, such as Snort, are based on software, so their processing speeds are much slower than wire-speed. FPGA technology has properties which are high speed string matching and reprogrammable, but the resources in FPGA are limited while the database of signatures has become very large and keeps growing. In this thesis we use decision tree to improve the utilization of resources when implementing NIDS on FPGA. The system uses decision tree to process the rule header to reduce resource requirements. Rule options are organized to multiple string matching groups according to the matching results of rule header. We implement an IDS circuit that process 1023 Snort rules at FPGA. The experimental results show that the system can reduce the average of resource by 56%. In addition, we develop a tool to automatically generate the Verilog HDL source code of the IDS circuit from a Snort rule set. Using the FPGA and the IDS circuit generator, the proposed system is able to update the matching rule corresponding to new intrusion and attacks.