A High-Throughput Network Intrusion Detection System Using On-Device Learning on FPGA
Deploying machine learning (ML)/deep learning (DL)-based network intrusion detection system (NIDS) enables intelligent traffic analysis against the increasing sophistication of modern network traffic. However, most existing DL/ML-based NIDSs rely heavily on large-scale models and statistical-based f...
Saved in:
| Published in | Proceedings (IEEE International Symposium on Embedded Multicore/Manycore SoCs. Online) pp. 426 - 433 |
|---|---|
| Main Authors | , |
| Format | Conference Proceeding |
| Language | English |
| Published |
IEEE
16.12.2024
|
| Subjects | |
| Online Access | Get full text |
| ISSN | 2771-3075 |
| DOI | 10.1109/MCSoC64144.2024.00076 |
Cover
| Abstract | Deploying machine learning (ML)/deep learning (DL)-based network intrusion detection system (NIDS) enables intelligent traffic analysis against the increasing sophistication of modern network traffic. However, most existing DL/ML-based NIDSs rely heavily on large-scale models and statistical-based features, which lead to the development of such NIDS for IoT devices being computationally expensive and low throughput, thereby falling against the ever-growing network bandwidth. In this work, we propose a new intrusion detection system on FPGA by using on-device learning to classify network traffic online at high throughput. In particular, the proposed NIDS first introduces the two-level hierarchical raw transmitted bytes for input features. Further, our NIDS employs a lightweight classifier by incorporating a genetic algorithm-based feature selector and on-device sequential learning semi-supervised anomaly detector (ONLAD). These three engines are implemented on the Xilinx ZCU104 FPGA platform for high throughput while supporting model updates online by the on-device learning mechanism. For proof of concept, our results on the CIC-IDS2018 dataset show that the proposed method reaches a maximum throughput of 3,302,010 pps and a supported bandwidth of 39.62 Gbps while maintaining 0.986 AUC score. Moreover, our NIDS allows model updates on-device with a power consumption of 0.703 W and latency of 4.17 us. |
|---|---|
| AbstractList | Deploying machine learning (ML)/deep learning (DL)-based network intrusion detection system (NIDS) enables intelligent traffic analysis against the increasing sophistication of modern network traffic. However, most existing DL/ML-based NIDSs rely heavily on large-scale models and statistical-based features, which lead to the development of such NIDS for IoT devices being computationally expensive and low throughput, thereby falling against the ever-growing network bandwidth. In this work, we propose a new intrusion detection system on FPGA by using on-device learning to classify network traffic online at high throughput. In particular, the proposed NIDS first introduces the two-level hierarchical raw transmitted bytes for input features. Further, our NIDS employs a lightweight classifier by incorporating a genetic algorithm-based feature selector and on-device sequential learning semi-supervised anomaly detector (ONLAD). These three engines are implemented on the Xilinx ZCU104 FPGA platform for high throughput while supporting model updates online by the on-device learning mechanism. For proof of concept, our results on the CIC-IDS2018 dataset show that the proposed method reaches a maximum throughput of 3,302,010 pps and a supported bandwidth of 39.62 Gbps while maintaining 0.986 AUC score. Moreover, our NIDS allows model updates on-device with a power consumption of 0.703 W and latency of 4.17 us. |
| Author | Wu, Man Kondo, Masaaki |
| Author_xml | – sequence: 1 givenname: Man surname: Wu fullname: Wu, Man email: wu.man.wi5@acsl.ics.keio.ac.jp organization: Keio University,Department of Information and Computer Science,Yokohama,Japan – sequence: 2 givenname: Masaaki surname: Kondo fullname: Kondo, Masaaki email: kondo@acsl.ics.keio.ac.jp organization: Keio University,Department of Information and Computer Science,Yokohama,Japan |
| BookMark | eNotjm1PwjAUhavRRMT9A036BzZv23W3_UiGvCQoJsBnMscdVKUjW8Hw7x3RT-fk5MnJc89ufO2JsScBiRBgn1_zRZ1nqUjTRIJMEwDA7IpFFq1RSmgFKYpr1pOIIlaA-o5FbfvZYUpCCkb32GrAJ267i5e7pj5ud4dj4G8Ufurmi099aI6tqz0fUqAyXNri3Aba81Xr_JbPfTykkyuJz6ho_GXqkNH7ePDAbqviu6XoP_tsOXpZ5pN4Nh9P88EsdlaE2OCGlLS6sJI6XYNWV0gZlbqTKwHlx6bYZFgIAyIzymRQVWQlGiytNAZUnz3-3ToiWh8aty-a81qAEVZrq34BV5lSiw |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/MCSoC64144.2024.00076 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering |
| EISBN | 9798331530471 |
| EISSN | 2771-3075 |
| EndPage | 433 |
| ExternalDocumentID | 10819559 |
| Genre | orig-research |
| GrantInformation_xml | – fundername: Research and Development funderid: 10.13039/100006190 |
| GroupedDBID | 6IE 6IF 6IL 6IN AAWTH ABLEC ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IEGSK OCL RIE RIL |
| ID | FETCH-LOGICAL-i91t-87de3295a92e3318795f7e6ec5040c072bdad67a1801683860ffe92787c928803 |
| IEDL.DBID | RIE |
| IngestDate | Wed Jan 15 06:21:25 EST 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i91t-87de3295a92e3318795f7e6ec5040c072bdad67a1801683860ffe92787c928803 |
| PageCount | 8 |
| ParticipantIDs | ieee_primary_10819559 |
| PublicationCentury | 2000 |
| PublicationDate | 2024-Dec.-16 |
| PublicationDateYYYYMMDD | 2024-12-16 |
| PublicationDate_xml | – month: 12 year: 2024 text: 2024-Dec.-16 day: 16 |
| PublicationDecade | 2020 |
| PublicationTitle | Proceedings (IEEE International Symposium on Embedded Multicore/Manycore SoCs. Online) |
| PublicationTitleAbbrev | MCSOC |
| PublicationYear | 2024 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0003204085 |
| Score | 1.8947617 |
| Snippet | Deploying machine learning (ML)/deep learning (DL)-based network intrusion detection system (NIDS) enables intelligent traffic analysis against the increasing... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 426 |
| SubjectTerms | Bandwidth Field programmable gate arrays FPGA Machine learning Multicore processing Network intrusion detection Network intrusion detection system on-device learning Power demand Real-time systems semi-supervised learning Table lookup Telecommunication traffic Throughput |
| Title | A High-Throughput Network Intrusion Detection System Using On-Device Learning on FPGA |
| URI | https://ieeexplore.ieee.org/document/10819559 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1NSwMxEA22J734VdH6QQ5et2aTTbY5ltZahdaCLfRWssmsiLDtYXvx1zvJbmsRBG9LWNjNTJJhMu-9IeRegRMiSbPI5IAJSmZFZKTOojSXylmDbjGeKDyeqNE8eVnIRU1WD1wYAAjgM-j4x1DLdyu78VdluMN91UfqBmngOqvIWrsLFcGZV-uqWTox0w_j_tuqrxJMGTAP5F4lm3lpkb0uKiGIDI_JZPv5Cjvy2dmUWcd-_VJm_Pf_nZDWD1-PTneR6JQcQHFGjvakBs_JvEc9pCOaVX151puSTioEOH0uPPEC_UMHUAZkVkErIXMaAAX0tYgG4E8UWquxvlN8ZTh96rXIbPg464-iuqVC9KHjEo8-B4JraTQHIUKj8TwFBVai7SxLeeaMU6mJMW6prugqluegORrbao47XVyQZrEq4JJQ5XxBDzDbMyzJnDLMxtLY3DFuutywK9LyBlquK9GM5dY27T_Gr8mhd5JHisTqhjRx5nCL8b7M7oKfvwHyqamk |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV09T8MwELWgDMDCVxHfeGBNcezYqceqpbTQhkqkElvl2BeEkNIO6cKvx3bSUiEhsVmWB-tO59P53nuH0J0Aw1gUZ4HKwRYomWaB4jIL4pwLo5V1i3JE4XEiBtPo6Y2_1WR1z4UBAA8-g5Zb-l6-meul-yqzEe66Plxuox2b-CNe0bXWXyqMEqfXVfN0QiLvx93XeVdEtmiwlSB1OtnEiYtszFHxaaR_gJLVBSr0yGdrWWYt_fVLm_HfNzxEzR_GHp6sc9ER2oLiGO1viA2eoGkHO1BHkFaTeRbLEicVBhwPC0e9sB7CPSg9NqvAlZQ59pAC_FIEPXBvCq71WN-xPdKfPHaaKO0_pN1BUA9VCD5kWNrHzwCjkitJgTE_ajyPQYDm1naaxDQzyohYhTZziTZrC5LnIKkNay2pjXV2ihrFvIAzhIVxLT2w9Z4iUWaEIjrkSueGUNWmipyjpjPQbFHJZsxWtrn4Y_8W7Q7S8Wg2GibPl2jPOczhRkJxhRrWCnBts3-Z3XiffwMG9Kzx |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=Proceedings+%28IEEE+International+Symposium+on+Embedded+Multicore%2FManycore+SoCs.+Online%29&rft.atitle=A+High-Throughput+Network+Intrusion+Detection+System+Using+On-Device+Learning+on+FPGA&rft.au=Wu%2C+Man&rft.au=Kondo%2C+Masaaki&rft.date=2024-12-16&rft.pub=IEEE&rft.eissn=2771-3075&rft.spage=426&rft.epage=433&rft_id=info:doi/10.1109%2FMCSoC64144.2024.00076&rft.externalDocID=10819559 |