Abstract
The Internet is a collection of shared resources. Basic services of information security include verification, preserving data integrity, providing non-repudiation and ensuring secrecy. Due to increasing incidents of cyber attacks, building effective intrusion detection systems (IDSs) is essential for protecting information system security, and yet it remains an elusive goal and a great challenge. The purpose of this paper is to provide a novel IDS using reconfigurable FPGA-based hardware to provide confidentiality, data integrity, authentication and non-repudiation. The results obtained confirm that the proposed dynamically reconfigurable FPGA-based network security design is able to monitor higher-speed networks compared to conventional schemes. Parallelizing the tasks of reassembling TCP packets on the server and the client on an FPGA greatly improves the performance of the IDS. However, FPGA-based IDSs have a reported limitation: as the reconfigurable circuit becomes large, the reliability of the circuit becomes important, and inherently testable and fault-tolerant schemes need to coexist with it in case of any hardware fault. Hence, in this work, algorithms that can cause autonomous restructuring are made to coexist with the reconfigurable architectures. The status of the internal Configurable Logic Blocks (CLBs) of the reconfigurable circuit is monitored, and, if found faulty, they are restructured with spare CLBs both functionally and structurally. Implementation results show that the FPGA-based IDS is inherently self-healing.