Heterogeneous Hardware-based Network Intrusion Detection System with Multiple Approaches for SDN

Software-Defined Networking has became one of the most efficient network architectures to deal with complexity, policy control improvement, and vendor dependencies removal. Besides, with the diversity of network attacks, the SDN architecture faces many security issues that need to be taken into account. In this work, we propose an architecture for SDN-based secured forwarding devices (switches) by extending our previous architecture - HPOFS with multiple security functions including lightweight DDoS mechanisms, signature-based and anomaly-based IDS. We implement our architecture on a heterogeneous system including host processors, GPU, and FPGA boards. To the best of our knowledge, this is the first forwarding device for SDN implemented on a heterogeneous system in the literature. Our system not only is enhanced security but also provides a high-speed switching capacity based on the OpenFlow standard. The implemented design on GTX Geforce 1080 G1 for training phase is 14x faster when compared to CPU Intel Core i7 - 4770, 3.4GHz, 16GB of RAM on the Ubuntu version 14.04. The switching function along with three lightweight DDoS detection/prevention mechanisms provide processing speed at 39.48 Gbps on a NetFPGA-10G board (with a Xilinx xc5vtx240t FPGA device). Especially, our neural network models on the NetFPGA-10G board outperform CPU in processing performance by reaching throughputs at 4.84 Gbps. Moreover, the implemented neural network model achieves 99.01% precision with only 0.02% false positive rate when processing a dataset.