Distributed IDS using Reconfigurable Hardware

With the rapid growth of computer networks and network infrastructures and increased dependency on the Internet to carry out day-to-day activities, it is imperative that the components of the system are secured. In the last few years a number of intrusion detection systems (IDS) have been developed as network security tools. While considerable progress has been made in the areas of string matching, header processing and detecting DoS attacks at network level. In this paper we are proposing the architecture of a distributed intrusion detection system (DIDS) for use in high-speed networks. The proposed DIDS has host IDS component at each host that combines the above-mentioned functionalities. DIDS consists of central IDS component which performs sophisticated processing to detect any signs of distributed attacks on the entire network and update rules in each host system. It is essential to use hardware systems or software with hardware accelerators. The proposed DIDS is a custom hardware implemented on field programmable gate arrays (FPGAs). This allows the introduction of higher degree of parallelism than might be possible in software at a reasonable cost. The nature of future attacks to the Internet´s infrastructure is difficult to predict, and partial reconfigurability feature of FPGA will allow the system to be adapted to a constant change allowing the system to adapt to new threats.