A real-time NetFlow-based intrusion detection system with improved BBNN and high-frequency field programmable gate arrays

Future large-scale complex computing environments present challenges to the real-time intrusion detection systems (IDSs). In this paper, we design a prototype with hybrid software-enabled detection engine on the basis of our improved block-based neural network (BBNN), and integrate it with a high-frequency FPGA board to form a real-time intrusion detection system. The established prototype can seamlessly feed the large-scale NetFlow data obtained from Cisco routers directly into the improved BBNN based IDS. The corresponding BBNN structure and parameter settings have been improved and experimentally tested. Experimental performance comparisons have been conducted against four major schemes of Support Vector Machine (SVM) and Naive Bayes algorithm. The results show that the improved BBNN outperforms other algorithms with respect to the classification and detection performances. The false alarm rate is successfully reduced as low as 5.14% while the genuine detection rate 99.92% is still maintained. © 2012 IEEE.