Feature dimensionality in CNN acceleration for high-throughput network intrusion detection

Abstract

With the ever increasing need for better cybersecurity, and due to the continuous growth of network traffic bandwidths, there is a continuous pursuit of faster and smarter network intrusion detection systems. Neural network-based solutions on FPGAs are very effective in detecting different types of attacks, but have problems with analyzing network traffic online at line speed. One important bottleneck that limits the throughput in raw traffic-based existing systems, is the input shape of the features that are extracted from the raw data. In this work, we propose new methods for extracting and representing features based on raw network traffic in online network intrusion detection systems. We show that feature dimensionality has a significant influence on the classification accuracy and the throughput. Our experiments are based on FPGA-based neural networks accelerated through FINN. We compare three newly proposed input shapes to the traditional 2D-based approach, and we show that two of the presented techniques greatly surpass the state-of-the-art with regards to accuracy and throughput. Our best architecture reaches a maximum bandwidth of 23.09 Gbps, while maintaining over 99% accuracy on both the UNSW-NB15 and CICIDS2017 datasets.