A fundamental challenge with cyber security systems is the associated requirement to
perform sophisticated data analysis at high speed. While machine learning (ML) is effective
at addressing many Cyber problems, its computational complexity often makes its implementation
infeasible at line rates. Signature-based intrusion detection systems (IDSs) identify
known attacks and fall into the misuse detection class. Machine Learning approaches that
learn the behaviour of the traffic flow fall into the class of anomaly detectors. We propose
CruxML CANE, an FPGA-based IDS which achieves line rate speeds and combines signature
(existing capability) and anomaly based (proposed capability) detectors. Compared with
software implementations on processors and GPUs, our hybrid IDS (HIDS) system is more
secure, accurate and performant. Moreover, it has a greatly reduced attack surface as the
insertion of malicious code, injection attacks and viruses do not have an FPGA counterpart.