FPGA/AI-Powered Architecture for Anomaly Network Intrusion Detection Systems

Abstract

This paper proposes an architecture to develop machine learning/deep learning models for anomaly network intrusion detection systems on reconfigurable computing platforms. We build two models to validate the framework: Anomaly Detection Autoencoder (ADA) and Artificial Neural Classification (ANC) in the NetFPGA-sume platform. Three published data sets NSL-KDD, UNSW-NB15, and CIC-IDS2017 are used to test the deployed models’ throughput, latency, and accuracy. Experimental results with the NetFPGA-SUME show that the ADA model uses 20.97% LUTs, 15.16% FFs, 19.42% BRAM, and 6.81% DSP while the ANC model requires 21.39% LUTs, 15.19% FFS, 14.59% BRAM, and 3.67% DSP. ADA and ANC achieve a bandwidth of up to 28.7 Gbps and 34.74 Gbps, respectively. In terms of throughput, ADA can process at up to 18.7 Gops, while ADA can offer 10 Gops with different datasets. With the NSL-KDD dataset, the ADA model achieves 90.87% accuracy and a false negative rate of 4.86%. The ANC model with UNSW-NB15 and CIC-IDS2017 obtains accuracy of 87.49% and 98.22%, respectively, with the false negative rates achieving 2.0% and 6.2%, respectively.