FPGA-Based Network Traffic Security: Design and Implementation Using C5.0 Decision Tree Classifier 被引量：2

FPGA-Based Network Traffic Security: Design and Implementation Using C5.0 Decision Tree Classifier

下载PDF

导出

摘要 In this work, a hardware intrusion detection system （IDS） model and its implementation are introduced to perform online real-time traffic monitoring and analysis. The introduced system gathers some advantages of many IDSs： hardware based from implementation point of view, network based from system type point of view, and anomaly detection from detection approach point of view. In addition, it can detect most of network attacks, such as denial of services （DOS）, leakage, etc. from detection behavior point of view and can detect both internal and external intruders from intruder type point of view. Gathering these features in one IDS system gives lots of strengths and advantages of the work. The system is implemented by using field programmable gate array （FPGA）, giving a more advantages to the system. A C5.0 decision tree classifier is used as inference engine to the system and gives a high detection ratio of 99.93%. In this work, a hardware intrusion detection system （IDS） model and its implementation are introduced to perform online real-time traffic monitoring and analysis. The introduced system gathers some advantages of many IDSs： hardware based from implementation point of view, network based from system type point of view, and anomaly detection from detection approach point of view. In addition, it can detect most of network attacks, such as denial of services （DOS）, leakage, etc. from detection behavior point of view and can detect both internal and external intruders from intruder type point of view. Gathering these features in one IDS system gives lots of strengths and advantages of the work. The system is implemented by using field programmable gate array （FPGA）, giving a more advantages to the system. A C5.0 decision tree classifier is used as inference engine to the system and gives a high detection ratio of 99.93%.

作者 Tarek Salah Sobh Mohamed Ibrahiem Amer

机构地区 the Information Systems Department

出处《Journal of Electronic Science and Technology》 CAS 2013年第4期393-403,共11页 电子科技学刊（英文版）

关键词 C5.0 decision tree field programm-able gate array network monitoring network security. C5.0 decision tree, field programm-able gate array, network monitoring, network security.

分类号 TP393.06 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献22

1A. K. Rahuman and G. Athisha, "Reconfigurable hardware architecture for network intrusion detection system," American Journal of Applied Sciences, vol. 9, no. 10, pp. 1618-1624, 2012.
2S. Miihlbach and A. Koch, "NetStage/DPR: A self-reconfiguring platform for active and passive network security operations," Microprocessors and Microsystems, vol. 36, no. 8, pp. 632-643, 2012.
3J. Singaraju and J. A. Chandy, "FPGA based string matching for network processing applications," Microprocessors and Microsystems, vol. 32 no. 4, pp. 210-222, 2008.
4S. Bojani, V. Pejovi, G. Caffarena, V. Milovanovi, C. Carreras, and J. Popovi, "User profiling in FPGA for intrusion detection systems," Information Assurance and Security Letters, vol. 1, no. 1, pp. 12-17, 2010.
5V. P. Sampath, "FPGA based intrusion detection," World Journal of Science and Technology, vol. 1, no. 8, pp. 100--102, 2011.
6802.3-2005: IEEE Standard for Information technology-- Telecommunications and Information Exchange between Systems--Local and Metropolitan Area Networks--Specific requirements Part 3: Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Access Method and Physical Layer Specifications, IEEE Computer Society Sponsored by the LAN/MAN Standards Committee, 2005.
7A. Das, D. Nguyen, J. Zambreno, G. Memik, and A. Choudhary "An FPGA-based network intrusion detection architecture," IEEE Trans. on Information Forensics and Security, vol. 3, no. 1, pp. 118-132, 2008.
8J. M. B. Serrano and J. H. Palancar, "String alignment pre-detection using unique subsequences for FPGA-based network intrusion detection," Computer Communications, vol. 35, no. 6, pp. 720-728, 2012.
9T. Katashita, Y. Yamaguchi, A. Maeda, and K. Toda, "FPGA-based intrusion detection system for 10 gigabit Ethemet," IEICE Trans. Inf. & Syst., vol. E90-D, no.12, pp. 1923-1931, 2007.
10X. Support, Spartan-3A/3AN Starter Kit Board User Guide, Xilinx, 2007.

同被引文献16

1姚正.关于决策树分类模型的评分函数研究[J].管理学报,2005,2(S2):166-168. 被引量：4
2韩松来,张辉,周华平.基于关联度函数的决策树分类算法[J].计算机应用,2005,25(11):2655-2657. 被引量：36
3许俊.决策树算法中的连续属性处理方法[J].河北理工学院学报,2007,29(2):71-74. 被引量：1
4林志垒.基于PCA和决策树模型的农用地(耕地)质量评价研究[J].福建师范大学学报（自然科学版）,2008,24(6):99-104. 被引量：7
5徐鹏,林森.基于C4.5决策树的流量分类方法[J].软件学报,2009,20(10):2692-2704. 被引量：169
6陈汇林,陈小敏,陈珍丽,朱乃海,陶忠良.基于MODIS遥感数据提取海南橡胶信息初步研究[J].热带作物学报,2010,31(7):1181-1185. 被引量：29
7谭帅,王福利,常玉清,王姝,周贺.基于差分分段PCA的多模态过程故障监测[J].自动化学报,2010,36(11):1626-1636. 被引量：18
8Ding Liping,Gu jian,Wang Yongji,Wu Jingzheng.Analysis of Telephone Call Detail Records based on Fuzzy Decision Tree[J].China Communications,2010,7(6):120-127. 被引量：1
9Shan-long LU,Le-jun ZOU,Xiao-hua SHEN,Wen-yuan WU,Wei ZHANG.Multi-spectral remote sensing image enhancement method based on PCA and IHS transformations[J].Journal of Zhejiang University-Science A(Applied Physics & Engineering),2011,12(6):453-460. 被引量：8
10王永梅,胡学钢.基于用户兴趣度和MID3决策树改进方法[J].计算机工程与应用,2011,47(27):155-157. 被引量：9

引证文献2

1张丽纯.基于PCA与决策树C5.0相结合的热轧带钢边部翘皮缺陷预测的研究[J].矿冶,2015,24(B11):213-216. 被引量：1
2温立辉.决策树机器学习策略在数据分析中的优化[J].五邑大学学报（自然科学版）,2019,33(3):72-78. 被引量：1

二级引证文献2

1王亚熙.决策树机器学习策略在数据分析中的优化方法[J].数码设计,2019,8(24):46-46.
2马湧,王晓鹏,马莎莎.基于Keras深度学习框架下BP神经网络的热轧带钢力学性能预测[J].冶金自动化,2019,43(2):6-10. 被引量：22

1Shuang DU.Design and Implementation of Computer Network Traffic Monitoring[J].International Journal of Technology Management,2015(2):56-59.
2Jing＇an Ren,Jianping Li.Simulating Network Traffic with a DWT-based Model[J].通讯和计算机（中英文版）,2005,2(11):34-37.
3QIAN Yaguan,WU Chunming,YANG Qiang,WANG Bin.Network Traffic Anomaly Detection Based on Maximum Entropy Model[J].Chinese Journal of Electronics,2012,21(3):579-582. 被引量：4
4Zhang Yong,Li Xiangxue,Zhou Yuan,Li Zhibin,Qian Haifeng.Confidential Procedure Model：a Method for Quantifying Confidentiality Leakage[J].China Communications,2012,9(11):117-126. 被引量：1
5彭勃.Network Traffic分类方法比较分析[J].电脑知识与技术,2013,9(11X):7420-7422.
6Ji-Liang Zhang,Wei-Zheng Wang,Xing-Wei Wang,Zhi-Hua Xia.Enhancing Security of FPGA-Based Embedded Systems with Combinational Logic Binding[J].Journal of Computer Science & Technology,2017,32(2):329-339. 被引量：2
7Bai Chenglin(The Optical Communication Institute).THE DESIGN AND IMPLEMENTATION ON THE NETWORK ENVIRONMENT OF THE MULTIMEDIA INFORMATION PROCESSING SYSTEM[J].聊城大学学报（自然科学版）,1997,15(4):90-94. 被引量：1
8微软或在5月20日发布Mini版Surface[J].信息与电脑（理论版）,2014,0(3):13-13.
9白羽.Design and implementation method of CRM system based module[J].辽宁师范大学学报（自然科学版）,2008,31(4):436-438.
10WANG Ju-quan LIN Fu-sheng SHENG Hong-fei MENG Guan(School of Electrical & Mechanical Engineering,Wuhan Uni-versity of Science and Engineering, Wuhan, 430073)(School of Mechanical Science & Engineering,Huazhong Uni-versity of Science & Technology, Wuhan, 430074)(State Key Laboratory of Mechanical System and Vibration,Shanghai Jiao Tong University, Shanghai, 200240).Design of an Inference Engine Based on BP Network and LabVIEW[J].微计算机信息,2008,24(31):297-299.

Journal of Electronic Science and Technology

2013年第4期

浏览历史

内容加载中请稍等...

FPGA-Based Network Traffic Security: Design and Implementation Using C5.0 Decision Tree Classifier 被引量：2

参考文献22

同被引文献16

引证文献2

二级引证文献2

相关作者

相关机构

相关主题

浏览历史