A configurable-hardware document-similarity classifier to detect web attacks.
- Lawrence Livermore National Laboratory
This paper describes our approach to adapting a text document similarity classifier based on the Term Frequency Inverse Document Frequency (TFIDF) metric to reconfigurable hardware. The TFIDF classifier is used to detect web attacks in HTTP data. In our reconfigurable hardware approach, we design a streaming, real-time classifier by simplifying an existing sequential algorithm and manipulating the classifier's model to allow decision information to be represented compactly. We have developed a set of software tools to help automate the process of converting training data to synthesizable hardware and to provide a means of trading off between accuracy and resource utilization. The Xilinx Virtex 5-LX implementation requires two orders of magnitude less memory than the original algorithm. At 166MB/s (80X the software) the hardware implementation is able to achieve Gigabit network throughput at the same accuracy as the original algorithm.
- Research Organization:
- Sandia National Laboratories
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC04-94AL85000
- OSTI ID:
- 1002067
- Report Number(s):
- SAND2010-2057C
- Country of Publication:
- United States
- Language:
- English
Similar Records
A configurable-hardware document-similarity classifier to detect web attacks.
PARAMETERIZED K-MEANS CLUSTERING FOR RAPID HARDWARE DEVELOPMENT TO ACCELERATE ANALYSIS OF SATELLITE DATA