Intrusion detection systems (IDS) are crucial security measures for enforcing network security. Their task is to detect anomalies in network communication and identify, if not thwart, possibly malicious behavior. Recently, machine learning has been deployed to construct intelligent IDS. This approach, however, is quite challenging, particularly in distributed, highly dynamic, yet resource-constrained systems like Edge setups. In this paper, we tackle this issue from multiple angles by analyzing the concept of intelligent IDS (I-IDS) while addressing the specific requirements of Edge devices, with a special focus on reconfigurability. Then, we introduce a systematic approach to constructing the I-IDS on reconfigurable Edge hardware. For this, we implemented our proposed IDS on state-of-the-art Field Programmable Gate Array (FPGA) technology as (1) a purely FPGA-based dataflow processor (DFP) and (2) a co-designed approach featuring a RISC-V soft-core as an FPGA-based soft-core processor (SCP). We complete our paper with a comparison with the state of the art (SoA) in this domain. The results show that DFP and SCP are both suitable for Edge applications from hardware resource and energy efficiency perspectives. Our proposed DFP solution clearly outperforms the SoA and demonstrates that the required high performance can be achieved without prohibitively high hardware costs. This makes our proposed DFP suitable for Edge-based high-speed applications like modern communication technology.