FPGA-based Real-time Abnormal Packet Detector for Critical Industrial Network

초록

As the information technology plays an important role in the smart factories, Ethernet-based industrial network has rapidly replaced the traditional field buses. To maintain this critical network secure, it is important to develop the realtime network intrusion detection system (NIDS). The widely used NIDS was developed for the general Internet environment where the average throughput to protect attacks from the large number of unknown network nodes is more important than the real-time detection capability. However, in the critical industrial network, the real-time protection is more important than the average throughput. In this paper, a FPGA-based abnormal Ethernet packet detector is proposed. Since it is designed for the closed industry network, packet detection is based on the whitelist that consists of the allowed network address and protocol numbers. The prototype system has been implemented using the Xilinx Zynq-7030 SoC running at 250MHz. The network header of the Ethernet packet is compared to the 256 whitelist ruleset within 0.032sec, which means that the malicious packets from the abnormal network nodes are filtered out even before the whole packets arrives. This real-time packet filtering feature is useful in protecting highly secure network systems like the critical industrial control systems.