A High-Throughput Network Intrusion Detection System Using On-Device Learning on FPGA

Bibliographic Details
Published in: Proceedings (IEEE International Symposium on Embedded Multicore/Manycore SoCs. Online), pp. 426-433
Main Authors: Wu, Man; Kondo, Masaaki
Format: Conference Proceeding
Language: English
Published: IEEE, 16.12.2024
ISSN: 2771-3075
DOI: 10.1109/MCSoC64144.2024.00076

Summary: Deploying machine learning (ML)/deep learning (DL)-based network intrusion detection system (NIDS) enables intelligent traffic analysis against the increasing sophistication of modern network traffic. However, most existing DL/ML-based NIDSs rely heavily on large-scale models and statistical-based features, which lead to the development of such NIDS for IoT devices being computationally expensive and low throughput, thereby falling against the ever-growing network bandwidth. In this work, we propose a new intrusion detection system on FPGA by using on-device learning to classify network traffic online at high throughput. In particular, the proposed NIDS first introduces the two-level hierarchical raw transmitted bytes for input features. Further, our NIDS employs a lightweight classifier by incorporating a genetic algorithm-based feature selector and on-device sequential learning semi-supervised anomaly detector (ONLAD). These three engines are implemented on the Xilinx ZCU104 FPGA platform for high throughput while supporting model updates online by the on-device learning mechanism. For proof of concept, our results on the CIC-IDS2018 dataset show that the proposed method reaches a maximum throughput of 3,302,010 pps and a supported bandwidth of 39.62 Gbps while maintaining 0.986 AUC score. Moreover, our NIDS allows model updates on-device with a power consumption of 0.703 W and latency of 4.17 us.