Distributed IDS using Reconfigurable Hardware

• Published in: 2007 IEEE International Parallel and Distributed Processing Symposium pp. 1 - 6
• Main Authors: Ashok Kumar Tummala, Parimal Patel
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.03.2007
• Subjects: Computer crime; Computer networks; Costs; Field programmable gate arrays; Hardware; High-speed networks; Intrusion detection; IP networks; Parallel processing; Software systems
• ISBN: 1424409098; 9781424409099
• ISSN: 1530-2075
• DOI: 10.1109/IPDPS.2007.370616

With the rapid growth of computer networks and network infrastructures and increased dependency on the Internet to carry out day-to-day activities, it is imperative that the components of the system are secured. In the last few years a number of intrusion detection systems (IDS) have been developed as network security tools. While considerable progress has been made in the areas of string matching, header processing and detecting DoS attacks at network level. In this paper we are proposing the architecture of a distributed intrusion detection system (DIDS) for use in high-speed networks. The proposed DIDS has host IDS component at each host that combines the above-mentioned functionalities. DIDS consists of central IDS component which performs sophisticated processing to detect any signs of distributed attacks on the entire network and update rules in each host system. It is essential to use hardware systems or software with hardware accelerators. The proposed DIDS is a custom hardware implemented on field programmable gate arrays (FPGAs). This allows the introduction of higher degree of parallelism than might be possible in software at a reasonable cost. The nature of future attacks to the Internet's infrastructure is difficult to predict, and partial reconfigurability feature of FPGA will allow the system to be adapted to a constant change allowing the system to adapt to new threats.