A reconfigurable architecture for network intrusion detection using principal component analysis

David T. Nguyen, Gokhan Memik, Alok Choudhary
2006 Proceedings of the international symposium on Field programmable gate arrays - FPGA'06
In this paper, we develop an architecture for principal component analysis (PCA) to be used as an outlier detection method for high-speed network intrusion detection systems (NIDS). PCA is a common statistical method used in multivariate optimization problems in order to reduce the dimensionality of data while retaining a large fraction of the data characteristic. First, PCA is used to project the training set onto eigenspace vectors representing the mean of the data. These eigenspace vectors are then used to predict malicious connections in a workload containing normal and attack behavior. Our simulations show that our architecture correctly classifies attacks with detection rates exceeding 99% and false alarm rates as low as 1.95%. For next generation NIDS, anomaly detection methods must satisfy the demands of Gigabit Ethernet. FPGAs are an attractive medium to handle both high throughput and adaptability to the dynamic nature of intrusion detection. Using hardware parallelism and extensive pipelining, our architecture is implemented on FPGAs to achieve Gigabit link speeds.
doi:10.1145/1117201.1117262 dblp:conf/fpga/NguyenMC06 fatcat:icou4tbqlvhffpdyiqwohm7mqm