Title: SoC-based abnormal ethernet packet detector with automatic rule-set generator

Authors: Jiwoong Kang; Jaehyun Park

Addresses: Department of Information and Communication Engineering, Inha University, Incheon, 22212, South Korea; Department of Information and Communication Engineering, Inha University, Incheon, 22212, South Korea

Abstract: The importance of a high-performance network intrusion detection system (NIDS) has rapidly increased in modern, complex computer networks. To keep up with the increasing demand for high performance in fast networks, a hardware-based rather than software-based NIDS is required. In this paper, a system on chip (SoC)-based ethernet packet detector that supports an automatic ruleset generator is proposed. The proposed ruleset generator automatically constructs the whitelist ruleset from the collected ethernet packets. The whitelist ruleset is composed of 6-tuples: the MAC address, IP address, and TCP/UDP port number of the source and destination network nodes, a format that has been widely used by commercial NIDS software. The prototype system has been implemented using Xilinx's Zynq-7030 SoC running at 250 MHz. The network header of the ethernet packets is compared to the 256 whitelist ruleset within 0.032 μsec, which means that malicious packets from abnormal network nodes are filtered out even before the whole packet arrives.

Keywords: ethernet packet detector; network intrusion detection system; system on chip; SoC.

DOI: 10.1504/IJICS.2022.122372

International Journal of Information and Computer Security, 2022 Vol.17 No.3/4, pp.219 - 230

Received: 15 Mar 2018
Accepted: 14 Feb 2019

Published online: 22 Apr 2022
