Development of a Fast Programmable Network Intrusion Detection System Based on Decision Diagrams
| Project/Area Number |
16K00079
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (C)
|
| Allocation Type | Multi-year Fund |
|---|
| Section | 一般 |
|---|
| Research Field |
Computer system
|
|---|
| Research Institution | Hiroshima City University |
|---|
Principal Investigator |
|
|---|
| Research Collaborator |
Sasao Tsutomu
Butler Jon T.
Wakabayashi Shin'ichi
Inagi Masato
|
|---|
| Project Period (FY) |
2016-04-01 – 2019-03-31
|
| Project Status |
Completed (Fiscal Year 2018)
|
| Budget Amount *help |
¥4,160,000 (Direct Cost: ¥3,200,000、Indirect Cost: ¥960,000)
Fiscal Year 2018: ¥1,300,000 (Direct Cost: ¥1,000,000、Indirect Cost: ¥300,000)
Fiscal Year 2017: ¥1,300,000 (Direct Cost: ¥1,000,000、Indirect Cost: ¥300,000)
Fiscal Year 2016: ¥1,560,000 (Direct Cost: ¥1,200,000、Indirect Cost: ¥360,000)
|
|---|
| Keywords | プログラマブルシステム / ネットワークセキュリティ / ネットワーク侵入検知システム / 機械学習 / 決定グラフ / 論理設計 |
|---|
| Outline of Final Research Achievements |
In this study, we developed a fast programmable network intrusion detection system (NIDS) based on a new type of decision diagrams, Vectorized Edge-Valued Binary Decision Diagrams (VEVBDDs), and its computer aided design tools. At the beginning of the study, we targeted only on intrusion detection by regular expression matching. To keep up with the times and catch up on demand in society, however, we changed the direction of the study and targeted mainly on intrusion detection by machine learning. Although machine learning tends to require large hardware size, we reduce hardware size by using VEVBDDs, and allow an NIDS to be implemented in an FPGA. The developed NIDS on an FPGA succeeded in achieving about 11 to 25 times higher throughput than its corresponding software implementation.
|
| Academic Significance and Societal Importance of the Research Achievements |
本研究では,機械学習(いわゆるAI)によってハッキングなどのネットワーク上の不正侵入を高速に検知するシステムを開発した.不正侵入検知の心臓部となる計算を高速に実行する専用ハードウェアを決定グラフによる新技術で設計したことにより,コンパクトな機器でも従来の約11~25倍に及ぶ処理性能の達成できるようになった.新たな侵入手口にも柔軟に対応できる機能を備えているため,ネットワークにおける安全性と利便性の両立が可能になった.開発したシステムは小型であるため,IoT機器に組込むことができ,身の回りの機器に組込まれるようになれば,より安全で快適なIoT社会が実現されるだろう.
|
Report
(4 results)
Research Products
(33 results)
