SoC-based Abnormal Ethernet Packet Detector for a High Performance Intrusion Detection System

초록

In this paper, a high performance intrusion detection system (IDS) based on SoC (System on Chip) is proposed. The proposed system uses FPGA to detect 6-tuple (destination and source MAC address, IP address, port number). It also provides an interface for users to manage intrusion detection rules. The IDS identifies abnormal packets by comparing the received packet header information with the whitelist rule stored in the dual port block RAM (BRAM) in real time while the Ethernet packet is received. The implemented prototype uses 3.87% LUT, 2.27% Flip-Flop, and 26.88% block RAM of Zynq-7030 SoC.