ESTIMATION OF COUNTING BLOOM FILTER HARDWARE COSTS FOR FPGA-BASED CYBERSECURITY SYSTEMS

Authors

DOI:

https://doi.org/10.31474/2786-9024/v2i2(34).313785

Keywords:

NIDS, multi-pattern matching, FPGA, Bloom filter with counters, hardware costs

Abstract

The objective of the study is to research possible solutions and ways of practical implementation regarding the organization of dynamic changing the list of patterns that are matched by the hardware (FPGA-based) Bloom filter in the signature cybersecurity systems, such as network intrusion detection systems, antiviruses, spam filters, etc. Changing the list of patterns means both adding and removing elements from the list of patterns that the signature system searches in the incoming data stream, in particular in the bodies of network traffic packets.

To achieve the goal, the principles of construction and functioning of the Bloom filter, its advantages and disadvantages compared to other matching schemes in terms of known performance indicators are analyzed in the work. The modifications and variations proposed by developers to improve its characteristics during the entire period of use in computer network cybersecurity systems are considered. The features of the hardware implementation of the Bloom filter on the FPGAs are analyzed.

The one of two discovered approaches to solve the problem of dynamic readjustment, that provides greater speed due to changing the hardware structure of the device, namely the Bloom filter with counters, is considered in the work. On the example of one of the hardware scheme modifications, the so-called simplified Bloom filter, a possible option for building its digital structure is considered. To increase the efficiency of the process of developing cybersecurity systems using this scheme, a hardware resource evaluation function has been created, which allows you to find the quantitative characteristics of the cost for synthesizing FPGA-based digital devices without performing the time-consuming procedure of full project compilation. A preliminary comparison of the obtained expression with the evaluation function for the scheme of the simplified Bloom filter without counters was carried out.

Author Biography

Serhii Hilgurt, Georgy Pukhov Institute for Modelling in Energy Engineering of the National Academy of Sciences of Ukraine

Senior researcher of the Department of Mathematical and Econometric Modeling of the IPME

References

B. H. Bloom, “Space/Time Trade-offs in Hash Coding with Allowable Errors”, Communications of the ACM, Article vol. 13, no. 7, pp. 422-426, 1970, doi: 10.1145/362686.362692.

D. V. Pryor, M. R. Thistle, and N. Shirazi, “Text searching on Splash 2”, in IEEE Workshop on FPGAs for Custom Computing Machines, 1993, pp. 172-177.

S. Ya. Hilgurt, “Accelerated Quantitative Evaluation of Components of FPGA-Based Security Systems”, Electronic Modeling, vol. 44, no. 5, pp. 3-24, 2022, doi: 10.15407/emodel.44.05.003. (In Ukrainian).

S. Dharmapurikar, M. Attig, and J. Lockwood, “Design and Implementation of a String Matching System for Network Intrusion Detection using FPGA-based Bloom Filters”, in All Computer Science and Engineering Research, Washington University in St. Louis, 2004, WUCSE-2004-12.

R. Patgiri, S. Nayak, and N. B. Muppalaneni, “Is Bloom Filter a Bad Choice for Security and Privacy? ”, 2021 International Conference on Information Networking (ICOIN), Jeju Island, Korea (South), pp. 648-653, 2021, doi: 10.1109/ICOIN50884.2021.9333950.

S. Ya. Hilgurt, “Pattern Handling for Quantifying Hardware Components of Signature-Based Cybersecurity Systems”, Proceedings of the 2nd International Workshop on Information Technologies: Theoretical and Applied Problems (ITTAP 2022), Ternopil, Ukraine, Nov. 22-24, 2022. – CEUR Workshop Proceedings, vol. 3309, pp. 83-93, 2022, Available online: https://ceur-ws.org/Vol-3309/paper7.pdf.

R. Patgiri, S. Nayak, and S. K. Borgohain, “Hunting the Pertinency of Bloom Filter in Computer Networking and Beyond: A Survey”, Journal of Computer Networks and Communications, 2019, 2712417, 10 pages, doi: 10.1155/2019/2712417.

L. Luo, D. Guo, R. T. B. Ma, O. Rottenstreich, and X. Luo, “Optimizing Bloom Filter: Challenges, Solutions, and Comparisons”, in IEEE Communications Surveys & Tutorials, vol. 21, no. 2, 2019, pp. 1912-1949, doi: 10.1109/COMST.2018.2889329.

S. Geravand, and M. Ahmadi, “Bloom filter applications in network security: A state-of-the-art survey”, Computer Networks, Article vol. 57, no. 18, pp. 4047-4064, Dec 2013, doi: 10.1016/j.comnet.2013.09.003.

M. A. Owaid, and O. A. Dawood, “A survey in privacy-preserving by bloom filters”, in Proceedings of the 4th international computer sciences and informatics conference (ICSIC 2022), 28-29 June 2022, Amman, Jordan, 2022, doi: 10.1063/5.0174813.

M. A. Ferrag, M. Babaghayou, and M. A. Yazici, “Cyber security for fog-based smart grid SCADA systems: Solutions and challenges”, Journal of Information Security and Applications, Article vol. 52, 2020, Art no. 102500, doi: 10.1016/j.jisa.2020.102500.

S. Hilgurt, “Constructing Bloom filters by reconfigurable means for solving information security tasks”, Ukrainian Scientific Journal of Information Security, vol. 25, no. 1, pp. 53-58, 2019, doi: 10.18372/2225-5036.25.13594. (In Ukrainian).

J. Harwayne-Gidansky, D. Stefan, and I. Dalal, “FPGA-based SoC for Real-Time Network Intrusion Detection using Counting Bloom Filters”, in Proceedings of the IEEE Southeastcon 2009, 2009.

Y. Chen, A. Kumar, and J. Xu, “A new design of bloom filter for packet inspection speedup”, in IEEE Global Telecommunications Conference (GLOBECOM 07), Washington, DC, Nov 26-30 2007, NEW YORK: IEEE, in IEEE Global Telecommunications Conference (Globecom), 2007, pp. 1-5.

N. S. Artan, K. Sinkar, J. Patel, and H. J. Chao, “Aggregated bloom filters for intrusion detection and prevention hardware”, in IEEE Global Telecommunications Conference (GLOBECOM 07), Washington, DC, Nov 26-30 2007, NEW YORK: IEEE, in IEEE Global Telecommunications Conference (Globecom), 2007, pp. 349-354.

L. Carter, and M. Wegman, “Universal Classes of Hashing Functions”, Computer and System Sciences, vol. 18, no. 2, pp. 143-154, 1979.

S. Ya. Hilgurt, “Comparative analysis of approaches to the building of reconfigurable security tools components”, Problems of informatization and management, vol. 2, no. 66, pp. 17-26, 2021, doi: 10.18372/2073-4751.66.15712.

S. Y. Hilgurt, A. M. Davydenko, T. V. Matovka, and M. P. Prygara, “Tools for Analyzing Signature-Based Hardware Solutions for Cyber Security Systems”, JCSANDM, vol. 12, no. 03, pp. 339–366, 2023, doi: 10.13052/jcsm2245-1439.123.5.

L. Fan, P. Cao, J. Almeida, and A. Z. Broder, “Summary cache: A scalable wide-area Web cache sharing protocol”, IEEE ACM Transactions on Networking, Article vol. 8, no. 3, pp. 281-293, 2000, doi: 10.1109/90.851975.

S. Ya. Hilgurt, O. A. Chemerys, Reconfigurable signature-based information security tools of computer systems. Kyiv, Ukraine: Akademperiodyka, 2022, р. 297, doi: 10.15407/akademperiodyka.458.297. (In Ukrainian).

Downloads

Published

2024-11-01

How to Cite

Hilgurt, S. (2024). ESTIMATION OF COUNTING BLOOM FILTER HARDWARE COSTS FOR FPGA-BASED CYBERSECURITY SYSTEMS. Scientific Papers of Donetsk National Technical University. Series: “Computer Engineering and Automation", 2(2(34), 58–69. https://doi.org/10.31474/2786-9024/v2i2(34).313785

Issue

Vol2, N2(34)'2024

Section

Cybersecurity and critical infrastructure protection

License

Copyright (c) 2024 Сергій Якович Гільгурт

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.