SoC-based abnormal ethernet packet detector with automatic rule-set generator

The importance of a high performance network intrusion detection system (NIDS) has rapidly increased in the modern complex computer network. In order to keep up with the increasing demand for high performance in the fast network, a hardware-based rather than software-based NIDS is necessarily required. In this paper, a system on chip (SoC)-based ethernet packet detector that supports an automatic ruleset generator is proposed. The proposed ruleset generator automatically constructs the whitelist ruleset from the collected ethernet packets. The whitelist ruleset is composed of 6-tuples; MAC address, IP address, and TCP/UDP port number of source and destination network nodes, which has been widely used by the commercial NIDS software. The prototype system has been implemented using the Xilinx's Zynq-7030 SoC running at 250 MHz. The network header of the ethernet packets is compared to the 256 whitelist ruleset within 0.032 μsec, which means that the malicious packets from the abnormal network nodes are filtered out even before the whole packets arrives.