S.Ya. Hilgurt
Èlektron. model. 2022, 44(5):03-24
https://doi.org/10.15407/emodel.44.05.003
ABSTRACT
Various approaches, including artificial intelligence technologies, have recently been used successfully in information security tools to detect harmful activity. But only the signature approach can completely eliminate recognition errors, which is especially important for critical infrastructure objects. One of the main disadvantages of signature tools is their high computational complexity. Developers of such systems therefore turn to hardware implementation, primarily on a reconfigurable platform, that is, using FPGAs. The ability to quickly reprogram FPGAs gives reconfigurable security systems unprecedented flexibility and adaptability. There are many different approaches to constructing hardware circuits for matching patterns (which are parts of signatures). Choosing the optimal technical solution for recognizing a specific set of patterns is a non-trivial task. To distribute patterns between components more efficiently, it is necessary to solve an optimization problem whose objective function includes the quantitative technical characteristics of the hardware recognition schemes. Obtaining these values at each step of the algorithm by running the full digital circuit synthesis procedure in a CAD system is unacceptably slow. The method proposed in this study for accelerated quantitative evaluation of the components of reconfigurable signature-based security systems, based on so-called evaluation functions, solves this problem.
KEYWORDS
signature-based security system, NIDS, multi-pattern string matching, FPGA, quantification