Skip to main content
SpringerLink
Log in

Towards Real-Time Deep Learning-Based Network Intrusion Detection on FPGA

  • Conference paper
  • First Online:
Applied Cryptography and Network Security Workshops (ACNS 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12809))

Included in the following conference series:

Abstract

Traditionally, network intrusion detection systems identify attacks based on signatures, rules, events or anomaly detection. More and more research investigates the application of deep learning techniques for this purpose. Deep learning significantly increases detection performance, and can abolish the need for expert knowledge-intensive feature extraction. The use of deep learning for network intrusion detection also has a major disadvantage, however, as it is not deployed yet in real-time implementations. In this paper, we propose two approaches that facilitate the transition towards functional real-time implementations: (1) the use of flow buckets to collect raw traffic-based features, and (2) the acceleration of neural network architectures for intrusion detection using the Xilinx FINN toolchain for FPGAs. We obtain promising results that show our flow bucket approach does not deteriorate detection performance when compared to traditional approaches, and we lay a foundation to further build on with respect to accelerating deep learning algorithms for network intrusion detection on FPGA.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The three features are one-hot encoded to 3, 11 and 70 values respectively.

  2. 2.

    https://fastmachinelearning.org/hls4ml/.

  3. 3.

    https://www.xilinx.com/products/design-tools/vitis/vitis-ai.html.

  4. 4.

    https://gitlab.com/EAVISE/real-time-dl-nids-on-fpga.

  5. 5.

    The DR is commonly used in intrusion detection literature to denote the recall.

References

  1. KDD Cup 1999 Data. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html

  2. Abdulhammed, R., Musafer, H., Alessa, A., Faezipour, M., Abuzneid, A.: Features dimensionality reduction approaches for machine learning based network intrusion detection. Electronics 8, 322 (2019)

    Article  Google Scholar 

  3. Al-Qatf, M., Lasheng, Y., Al-Habib, M., Al-Sabahi, K.: Deep learning approach combining sparse autoencoder with SVM for network intrusion detection. IEEE Access 6, 52843–52856 (2018)

    Article  Google Scholar 

  4. Alrawashdeh, K., Purdy, C.: Toward an online anomaly intrusion detection system based on deep learning. In: 2016 15th IEEE ICMLA, pp. 195–200, December 2016

    Google Scholar 

  5. Andrade Maciel, L., Alcântara Souza, M., Cota de Freitas, H.: Reconfigurable FPGA-based K-means/K-modes architecture for network intrusion detection. IEEE TCAS-II 67(8), 1459–1463 (2020)

    Google Scholar 

  6. Blott, M., et al.: FINN-R: an end-to-end deep-learning framework for fast exploration of quantized neural networks. ACM TRETS 11(3), 1–23 (2018)

    Google Scholar 

  7. Chuan-long, Y., Yue-fei, Z., Jin-long, F., Xin-zheng, H.: A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5, 21954–21961 (2017)

    Article  Google Scholar 

  8. Das, A., Nguyen, D., Zambreno, J., Memik, G., Choudhary, A.: An FPGA-based network intrusion detection architecture. IEEE Trans. Inf. Forensics Secur. 3(1), 118–132 (2008)

    Article  Google Scholar 

  9. Ding, Y., Zhai, Y.: Intrusion detection system for NSL-KDD dataset using convolutional neural networks. In: Proceedings of 2018 CSAI (CSAI 2018), pp. 81–85. ACM, New York (2018)

    Google Scholar 

  10. García-Teodoro, P., Díaz-Verdejo, J., Maciá-Fernández, G., Vázquez, E.: Anomaly-based network intrusion detection: techniques, systems and challenges. Comput. Secur. 28(1), 18–28 (2009)

    Article  Google Scholar 

  11. Ioannou, L., Fahmy, S.A.: Network intrusion detection using neural networks on FPGA SoCs. In: 2019 29th FPL, pp. 232–238, September 2019

    Google Scholar 

  12. Kim, T., Suh, S.C., Kim, H., Kim, J., Kim, J.: An encoding technique for CNN-based network anomaly detection. In: IEEE BigData, pp. 2960–2965, December 2018

    Google Scholar 

  13. Krizhevsky, A., Sutskever, I., Hinton, G.E.: ImageNet classification with deep convolutional neural networks. Adv. NIPS 25, 1097–1105 (2012)

    Google Scholar 

  14. Le Jeune, L., Goedemé, T., Mentens, N.: Machine learning for misuse-based network intrusion detection: overview, unified evaluation and feature choice comparison framework. IEEE Access 9, 63995–64015 (2021)

    Article  Google Scholar 

  15. LeNail, A.: NN-SVG: publication-ready neural network architecture schematics. J. Open Source Softw. 4(33), 747 (2019). https://doi.org/10.21105/joss.00747

    Article  Google Scholar 

  16. Lopez-Martin, M., Carro, B., Sanchez-Esguevillas, A., Lloret, J.: Shallow neural network with kernel approximation for prediction problems in highly demanding data networks. Expert Syst. Appl. 124, 196–208 (2019)

    Article  Google Scholar 

  17. Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: 2015 MilCIS, pp. 1–6, November 2015

    Google Scholar 

  18. Murovič, T., Trost, A.: Massively parallel combinational binary neural networks for edge processing. Elektrotehniski Vestnik/Electrotech. Rev. 86, 47–53 (2019)

    Google Scholar 

  19. Ngo, D.M., Pham-Quoc, C., Thinh, T.N.: Heterogeneous hardware-based network intrusion detection system with multiple approaches for SDN. Mob. Netw. Appl. 25(3), 1178–1192 (2020)

    Article  Google Scholar 

  20. Ngo, D.-M., Tran-Thanh, B., Dang, T., Tran, T., Thinh, T.N., Pham-Quoc, C.: High-throughput machine learning approaches for network attacks detection on FPGA. In: Vinh, P.C., Rakib, A. (eds.) ICCASA/ICTCC -2019. LNICST, vol. 298, pp. 47–60. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34365-1_5

    Chapter  Google Scholar 

  21. Pappalardo, A.: Xilinx/brevitas. https://doi.org/10.5281/zenodo.3333552

  22. Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31(23), 2435–2463 (1999)

    Article  Google Scholar 

  23. Roesch, M.: Snort - lightweight intrusion detection for networks. In: 13th USENIX Conference on System Administration (LISA 1999), pp. 229–238. USENIX Association, USA (1999)

    Google Scholar 

  24. Sharafaldin, I., Habibi Lashkari, A., Ghorbani, A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: 4th ICISSP, Portugal, pp. 108–116 (2018)

    Google Scholar 

  25. Sommer, R., Paxson, V.: Enhancing byte-level network intrusion detection signatures with context. In: 10th ACM CCS (CCS 2003), pp. 262–271. ACM, New York (2003)

    Google Scholar 

  26. Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD CUP 99 data set. In: 2009 IEEE CISDA, pp. 1–6, July 2009

    Google Scholar 

  27. Tran, C., Vo, T.N., Thinh, T.N.: HA-IDS: a heterogeneous anomaly-based intrusion detection system. In: NAFOSTED NICS, vol. 2017, pp. 156–161 (2017)

    Google Scholar 

  28. Tsai, C.F., Hsu, Y.F., Lin, C.Y., Lin, W.Y.: Intrusion detection by machine learning: a review. Expert Syst. Appl. 36(10), 11994–12000 (2009)

    Article  Google Scholar 

  29. Umuroglu, Y., Akhauri, Y., Fraser, N.J., Blott, M.: LogicNets: co-designed neural networks and circuits for extreme-throughput applications. In: FPL, vol. 2020, pp. 291–297 (2020)

    Google Scholar 

  30. Umuroglu, Y., et al.: FINN: a framework for fast, scalable binarized neural network inference. In: Proceedings of the 2017 ACM/SIGDA FPGA, pp. 65–74. ACM (2017)

    Google Scholar 

  31. Wang, W., et al.: HAST-IDS: learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection. IEEE Access 6, 1792–1806 (2018)

    Article  Google Scholar 

  32. Zhang, J., Zulkernine, M., Haque, A.: Random-forests-based network intrusion detection systems. IEEE Trans. Syst. Man Cybern. Part C (Appl. Rev.) 38(5), 649–659 (2008)

    Google Scholar 

  33. Zhang, Y., Chen, X., Guo, D., Song, M., Teng, Y., Wang, X.: PCCN: parallel cross convolutional neural network for abnormal network traffic flows detection in multi-class imbalanced network traffic flows. IEEE Access 7, 119904–119916 (2019)

    Article  Google Scholar 

Download references

Acknowledgements

This work is supported by COllective Research NETworking (CORNET) and funded by VLAIO under grant number HBC.2018.0491. This work is also supported by CyberSecurity Research Flanders with reference number VR20192203.

Author information

Authors and Affiliations

  1. ES&S - imec-COSIC, ESAT, KU Leuven, Leuven, Belgium

    Laurens Le Jeune & Nele Mentens

  2. EAVISE - PSI, ESAT, KU Leuven, Leuven, Belgium

    Laurens Le Jeune & Toon Goedemé

  3. LIACS, Leiden University, Leiden, The Netherlands

    Nele Mentens

Authors
  1. Laurens Le Jeune
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Toon Goedemé
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nele Mentens
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Laurens Le Jeune .

Editor information

Editors and Affiliations

  1. Singapore University of Technology and Design, Singapore, Singapore

    Jianying Zhou

  2. University of Strathclyde, Glasgow, UK

    Chuadhry Mujeeb Ahmed

  3. ICIS, Radboud University, Nijmegen, The Netherlands

    Lejla Batina

  4. Singapore University of Technology and Design, Singapore, Singapore

    Sudipta Chattopadhyay

  5. LIACS, Leiden University, Leiden, The Netherlands

    Olga Gadyatskaya

  6. Centrum Wiskunde & Informatica, Amsterdam, The Netherlands

    Chenglu Jin

  7. University of Science and Technology of China, Hefei, China

    Jingqiang Lin

  8. University of Padua, Padua, Italy

    Eleonora Losiouk

  9. University of Kansas, Lawrence, KS, USA

    Bo Luo

  10. CIISE, Concordia University, Montréal, Canada

    Suryadipta Majumdar

  11. New York University, Abu Dhabi, United Arab Emirates

    Mihalis Maniatakos

  12. Illinois at Singapore Pte Ltd, Singapore, Singapore

    Daisuke Mashima

  13. Technical University of Denmark, Kongens Lyngby, Denmark

    Weizhi Meng

  14. Delft University of Technology, Delft, The Netherlands

    Stjepan Picek

  15. SECOM Co., Ltd., Tokyo, Japan

    Masaki Shimaoka

  16. University of Aizu, Aizu-Wakamatsu, Japan

    Chunhua Su

  17. City University of Hong Kong, Hong Kong, Hong Kong

    Cong Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Le Jeune, L., Goedemé, T., Mentens, N. (2021). Towards Real-Time Deep Learning-Based Network Intrusion Detection on FPGA. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2021. Lecture Notes in Computer Science(), vol 12809. Springer, Cham. https://doi.org/10.1007/978-3-030-81645-2_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-81645-2_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-81644-5

  • Online ISBN: 978-3-030-81645-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation