A high throughput Intrusion Detection System (IDS) to enhance the security of data transmission among research centers
- URL: http://arxiv.org/abs/2311.06082v1
- Date: Fri, 10 Nov 2023 14:30:00 GMT
- Authors: Marco Grossi, Fabrizio Alfonsi, Marco Prandini, Alessandro Gabrielli
- Abstract summary: This paper presents a packet sniffer that was designed using a commercial FPGA development board.
The system can support a data throughput of 10 Gbit/s with preliminary results showing that the speed of data transmission can be reliably extended to 100 Gbit/s.
It is particularly suited for the security of universities and research centers, where point-to-point network connections are dominant.
- Score: 39.65647745132031
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Data breaches and cyberattacks represent a severe problem in higher education institutions and universities that can result in illegal access to sensitive information and data loss. To enhance the security of data transmission, Intrusion Prevention Systems (IPS, i.e., firewalls) and Intrusion Detection Systems (IDS, i.e., packet sniffers) are used to detect potential threats in the exchanged data. IPSs and IDSs are usually designed as software programs running on a server machine. However, when the speed of exchanged data is too high, this solution can become unreliable. In this case, IPSs and IDSs designed on a real hardware platform, such as ASICs and FPGAs, represent a more reliable solution. This paper presents a packet sniffer that was designed using a commercial FPGA development board. The system can support a data throughput of 10 Gbit/s with preliminary results showing that the speed of data transmission can be reliably extended to 100 Gbit/s. The designed system is highly configurable by the user and can enhance the data protection of information transmitted using the Ethernet protocol. It is particularly suited for the security of universities and research centers, where point-to-point network connections are dominant and large amounts of sensitive data are shared among different hosts.
Related papers
- Differentiated Security Architecture for Secure and Efficient Infotainment Data Communication in IoV Networks [55.340315838742015]
Negligence on the security of infotainment data communication in IoV networks can unintentionally open an easy access point for social engineering attacks.
In particular, we first classify data communication in the IoV network, examine the security focus of each data communication, and then develop a differentiated security architecture to provide security protection on a file-to-file basis.
arXiv Detail & Related papers (2024-03-29T12:01:31Z)
- SISSA: Real-time Monitoring of Hardware Functional Safety and Cybersecurity with In-vehicle SOME/IP Ethernet Traffic [49.549771439609046]
We propose SISSA, a SOME/IP communication traffic-based approach for modeling and analyzing in-vehicle functional safety and cyber security.
Specifically, SISSA models hardware failures with the Weibull distribution and addresses five potential attacks on SOME/IP communication.
Extensive experimental results show the effectiveness and efficiency of SISSA.
arXiv Detail & Related papers (2024-02-21T03:31:40Z)
- Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS).
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z)
- Fortress: Securing IoT Peripherals with Trusted Execution Environments [2.2476099815732518]
Internet of Things (IoT) devices often collect confidential information, such as audio and visual data, through peripheral inputs like microphones and cameras.
We propose a generic design to enhance privacy in IoT-based systems by isolating peripheral I/O memory regions in a secure kernel space of a trusted execution environment (TEE).
The sensitive peripheral data is then securely transferred to a user-space TEE, where obfuscation mechanisms can be applied before it is relayed to third parties, e.g., the cloud.
arXiv Detail & Related papers (2023-12-05T07:12:58Z)
- Prevention of cyberattacks in WSN and packet drop by CI framework and information processing protocol using AI and Big Data [0.0]
This study integrates a cognitive intelligence (CI) framework, an information processing protocol, and sophisticated artificial intelligence (AI) and big data analytics approaches.
The framework is capable of detecting and preventing several forms of assaults, including denial-of-service (DoS) attacks, node compromise, and data tampering.
It is highly resilient to packet drop occurrences, which improves the WSN's overall reliability and performance.
arXiv Detail & Related papers (2023-06-15T19:00:39Z)
- Cross-Layered Distributed Data-driven Framework For Enhanced Smart Grid Cyber-Physical Security [3.8237485961848128]
Cross-Layer Ensemble CorrDet with Adaptive Statistics is presented.
It integrates the detection of faulty SG measurement data as well as inconsistent network inter-arrival times and transmission delays.
Results show that CECD-AS can detect multiple False Data Injections, Denial of Service (DoS) and Man In The Middle (MITM) attacks with a high F1-score.
arXiv Detail & Related papers (2021-11-10T00:00:51Z)
- Towards a Privacy-preserving Deep Learning-based Network Intrusion Detection in Data Distribution Services [0.0]
Data Distribution Service (DDS) is an innovative approach towards communication in ICS/IoT infrastructure and robotics.
Traditional intrusion detection systems (IDS) do not detect any anomalies in the publish/subscribe method.
This report presents an experimental work on simulation and application of Deep Learning for their detection.
arXiv Detail & Related papers (2021-06-12T12:53:38Z)
- Multi-Source Data Fusion for Cyberattack Detection in Power Systems [1.8914160585516038]
We show that fusing information from multiple data sources can help identify cyber-induced incidents and reduce false positives.
We perform multi-source data fusion for training IDS in a cyber-physical power system testbed.
Results are presented using the proposed data fusion application to infer False Data and Command injection-based Man-in-The-Middle attacks.
arXiv Detail & Related papers (2021-01-18T06:34:45Z)
- Data Mining with Big Data in Intrusion Detection Systems: A Systematic Literature Review [68.15472610671748]
Cloud computing has become a powerful and indispensable technology for complex, high performance and scalable computation.
The rapid rate and volume of data creation has begun to pose significant challenges for data management and security.
The design and deployment of intrusion detection systems (IDS) in the big data setting has, therefore, become a topic of importance.
arXiv Detail & Related papers (2020-05-23T20:57:12Z)
- CryptoSPN: Privacy-preserving Sum-Product Network Inference [84.88362774693914]
We present a framework for privacy-preserving inference of sum-product networks (SPNs).
CryptoSPN achieves highly efficient and accurate inference in the order of seconds for medium-sized SPNs.
arXiv Detail & Related papers (2020-02-03T14:49:18Z)
This list is automatically generated from the titles and abstracts of the papers in this site.