S.Ya. Hilgurt scite author profile

S.Ya. Hilgurt

4Publications

3Citation Statements Received

35Citation Statements Given

How they've been cited

How they cite others

Affiliations

Pukhov Institute for Modelling in Energy Engineering, National Academy of Sciences of Ukraine

Publications

Order By: Most citations

Tools for Analyzing Signature-Based Hardware Solutions for Cyber Security Systems

Hilgurt

Davydenko

Матьовка

et al. 2023

JCSANDM

View full text Add to dashboard Cite

When creating signature-based cybersecurity systems for network intrusion detection (NIDS), spam filtering, protection against viruses, worms, etc., developers have to use hardware devices such as field programmable gate arrays (FPGA), since software solutions can no longer support the necessary speeds. There are many different approaches to build hardware circuits for pattern matching (where patterns are the parts of signatures). Choosing the optimal technical solution for certain conditions is not a trivial task. Developers of such hardware tend to act intuitively, heuristically. In this article, we provide tools to help them intelligently build cybersecurity systems using FPGAs. For the qualitative analysis of FPGA-based matching schemes, the classification of efficiency criteria and related indicators is considered. This classification was compiled by studying a large number of practical developments of FPGA-based cybersecurity systems, primarily NIDS. A method of rapid calculating numerical characteristics of the FPGA-based signature system components is proposed as a quantitative assessment tool. This method based on the use of so-called estimation functions allows avoiding the time-consuming execution of the digital circuit synthesis procedure. A number of experiments were carried out with the most promising matching schemes, allowing evaluating the above-mentioned tools. The rapid quantification method allows developers of hardware-accelerated cybersecurity systems to even apply it at each iteration within the optimization procedure cycle.

show abstract

A Method of Accelerated Quantitative Evaluation of Components of FPGA-based Security Systems

Hilgurt¹

2022

Èlektron. model.

View full text Add to dashboard Cite

Recently, various approaches have been successfully used in information security tools to detect harmful activity, including artificial intelligence technologies. But only the signature approach can completely eliminate recognition errors. That is especially important for critical infrastructure objects. One of the main disadvantages of signature tools is the high computational complexity. Therefore, the developers of such systems turn to hardware implementation, primarily on a reconfigurable platform, that is, using FPGAs. The ability to quickly reprogram FPGAs gives reconfigurable security systems unprecedented flexibility and adaptive possibilities. There are many different approaches to the construction of hardware pattern matching circuits (that are parts of signatures). Choosing the optimal technical solution for recognizing a specific set of patterns is a non-trivial task. For a more efficient distribution of patterns between components, it is necessary to solve an optimization task, the objective function of which includes the quantitative technical characteristics of hardware recognition schemes. Finding these values at each step of the algorithm by performing the full digital circuit synthesis procedure by the CAD is an unacceptably slow approach. The method proposed in this study for the accelerated quantitative evaluation of components of reconfigurable signature-based security systems, based on the use of the so-called evaluation functions, allows solving the problem.

show abstract

Parallel Combining Different Approaches to Multi-pattern Matching for Fpga-based Security Systems

Hilgurt¹

2017

ACPS

View full text Add to dashboard Cite

The multi-pattern matching is a fundamental technique found in applications like a network intrusion detection system, anti-virus, anti-worms and other signature- based information security tools. Due to rising traffic rates, increasing number and sophistication of attacks and the collapse of Moore’s law, traditional software solutions can no longer keep up. Therefore, hardware approaches are frequently being used by developers to accelerate pattern matching. Reconfigurable FPGA-based devices, providing the flexibility of software and the near-ASIC performance, have become increasingly popular for this purpose. Hence, increasing the efficiency of reconfigurable information security tools is a scientific issue now. Many different approaches to constructing hardware matching circuits on FPGAs are known. The most widely used of them are based on discrete comparators, hash-functions and finite automata. Each approach possesses its own pros and cons. None of them still became the leading one. In this paper, a method to combine several different approaches to enforce their advantages has been developed. An analytical technique to quickly advance estimate the resource costs of each matching scheme without need to compile FPGA project has been proposed. It allows to apply optimization procedures to near-optimally split the set of pattern between different approaches in acceptable time.

show abstract

A Concise Review of FPGA-Based Hardware Solutions for Network Intrusion Detection

Hilgurt

2021

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

S.Ya. Hilgurt

Tools for Analyzing Signature-Based Hardware Solutions for Cyber Security Systems

A Method of Accelerated Quantitative Evaluation of Components of FPGA-based Security Systems

Parallel Combining Different Approaches to Multi-pattern Matching for Fpga-based Security Systems

A Concise Review of FPGA-Based Hardware Solutions for Network Intrusion Detection

Contact Info

Product

Resources

About