18 June 2014 Applying hardware-based machine learning to signature-based network intrusion detection
Author Affiliations +
We present a proof-of-concept of a lightweight and low-power network intrusion detection system (NIDS) using a commercially available neural network chip. Such a system is well-suited to the increasing deployment of low-power devices with ubiquitous internet connectivity. Our proposal makes use of previous work on extracting a feature vector from network packets using a histogram of hashed n-grams. The commercially available CogniMem CM1K device implements a version of the Restricted Coulomb Energy neural network classifier, which was used to classify the resulting feature vectors at high speed and low power. In this paper, we describe our feature extraction technique for network packets and the classification algorithm used by the CM1K chip, and present initial classification results on a fabricated test set. Despite the generality of the RCE algorithm and our ‘plug-in’ approach to the classification task, with no fine-tuning of the hardware to our problem domain, we obtain surprisingly good classification results even on highly imbalanced and restricted training sets.
© (2014) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Garrett Payer, Garrett Payer, Chris McCormick, Chris McCormick, Richard Harang, Richard Harang, "Applying hardware-based machine learning to signature-based network intrusion detection", Proc. SPIE 9097, Cyber Sensing 2014, 909702 (18 June 2014); doi: 10.1117/12.2049890; https://doi.org/10.1117/12.2049890


Back to Top