Design and implementation of an FPGA-based IPS on top of the existing IDS architecture
This thesis aims to extend the existing FPGA-based Snort IDS implementation by integrating Intrusion Prevention System (IPS) capabilities. The system will be enhanced to operate inline, enabling real-time packet filtering, flow blocking, and threat mitigation based on detected rules. Emphasis is placed on low-latency hardware processing, decision mechanisms for packet handling, and seamless integration with the current IDS architecture to provide a complete FPGA-based network security solution.
Contact Person: Gregory Chrysos
Partial reconfiguration for adaptive IDS/IPS based on traffic profile and zero-day attacks
This topic explores the use of FPGA partial reconfiguration to create an adaptive IDS/IPS system that can modify its detection logic at runtime according to observed traffic patterns and emerging threats. The system dynamically loads different rule sets or detection modules without interrupting operation, enabling rapid response to zero-day attacks and changing network conditions. The work highlights runtime adaptability, hardware modularity, and efficient reconfiguration strategies for continuous network protection.
Contact Person: Gregory Chrysos
FPGA implementation of encrypted traffic fingerprinting
This thesis focuses on the design and implementation of an FPGA-based module capable of performing encrypted traffic fingerprinting without decrypting the payload. By analyzing flow-level characteristics, packet timing, sizes, and protocol metadata, the system can classify and identify suspicious encrypted communications in real time. The work emphasizes high-throughput hardware parsing, feature extraction, and pattern recognition suitable for TLS/SSL traffic, enabling effective intrusion detection in modern networks where encryption is dominant.
Contact Person: Gregory Chrysos
FPGA-Accelerated ML-Based IDS for Real-Time Threat Detection
This thesis investigates the design and implementation of an FPGA-accelerated machine learning–based Intrusion Detection System (IDS) for real-time threat detection. The proposed system performs both network traffic feature extraction and ML model inference directly in hardware, enabling high-throughput and low-latency operation. Emphasis is placed on efficient hardware pipelines for feature computation and on implementing the ML model using fixed-point arithmetic to optimize FPGA resource utilization. The performance of the FPGA-based solution will be evaluated and compared against software-based ML IDS approaches in terms of latency, throughput, and detection accuracy.
Contact Person: Gregory Chrysos
Online Feature Extraction and ML Training on FPGA
This thesis explores the implementation of real-time network traffic feature extraction on FPGA and the investigation of methods for incremental or online training of machine learning models for adaptive intrusion detection. The FPGA is responsible for efficiently computing flow-based features such as packet sizes, timing characteristics, and protocol metadata, which are then provided to a training engine, potentially co-processed on a CPU. The work also examines the feasibility of using partial FPGA reconfiguration to update ML models or feature extraction modules at runtime without interrupting system operation, enabling a continuously evolving ML-based IDS.
Contact Person: Gregory Chrysos
FPGA Acceleration of Graph Neural Networks for Large-Scale Graph Mining and Analytics
This thesis investigates the design and implementation of an FPGA-based hardware accelerator for Graph Neural Networks (GNNs) targeting large-scale graph mining and analytics tasks. In this approach, the AI model itself performs the graph mining by learning structural patterns, node relationships, and hidden graph features through message passing and neighborhood aggregation. The FPGA is used to accelerate the most computationally and memory-intensive parts of GNN inference, including feature updates, using highly parallel and streaming architectures. The proposed system demonstrates how FPGA acceleration can significantly enhance the performance and energy efficiency of AI-driven graph analytics compared to conventional CPU/GPU implementations.
Contact Person: Gregory Chrysos
Concurrent Abstract Data Types (ADTs) for Multiway Stream Aggregation on FPGA
This thesis investigates the design of concurrent abstract data types (ADTs) for FPGA-based multiway stream aggregation. It analyzes the parallelization needs and limitations of existing aggregation data structures and proposes hardware-friendly, concurrent ADTs that support high parallelism and workload balancing. The goal is to enable low-latency, high-throughput multiway aggregation over unbounded data streams, supporting multiple continuous queries in real time. The work demonstrates how optimized FPGA data structures can significantly outperform CPU/GPU implementations in streaming analytics applications.
Contact Person: Gregory Chrysos