A High-Performance FPGA-Based Feature Engineering Architecture for Intrusion Detection System in SDN Networks

Software-defined networking (SDN) has been seen as a next-generation networking architecture that separates the control plane and data plane to make networks agile and flexible. However, the nature of software-based centralized control makes this emerging architecture vulnerable to cyber security issues. In this paper, we propose to build and integrate a high-performance machine learning-based Network Intrusion Detection System (NIDS) for SDN. Particularly, we leverage co-design HW/SW techniques to accelerate and improve the performance of NIDS. We design and implement an FPGA-based feature engineering processor for data dimensionality reduction based on AutoEncoder for NIDS, and deploy in a high-speed NetFPGA-SUME platform. The experiment results show that the proposed design approximately occupies 16% of LUTs, FFs, BRAMs, and 23% DSPs hardware resources. The maximum frequency of the design prototype is 233 MHz. The performance of Autoencoder on NSL-KDD feature data is presented through bandwidth and the packet processing time with the reconstruction loss from hardware encode data with original data is 0.00077.