论文信息 - On GPU accelerated tuning for a payload anomaly-based network intrusion detection scheme

On GPU accelerated tuning for a payload anomaly-based network intrusion detection scheme

In network intrusion detection, anomaly-based solutions complement signature-based solutions in mitigating zero-day attacks, but require extensive training and learning to effectively model what the normal pattern for a given system (or service) looks like. Though the training typically happens off-line, and the processing speed is not as important as the detection stage (which occurs on-line in real-time), continuous analysis and retuning may be attractive depending on the deployment scenarios. The different types of computation required to perform automatic retuning (or retraining) of the system may result in resource competition for other important system tasks. Thus, a mechanism by which the retuning can take place without affecting the actual system workload is important. In this paper, we describe a layered, simple statistics based anomaly detection algorithm with parallel implementation of the training algorithm. We focus on the use of graphic processing units (GPU) to allow cost-efficient implementation with minimal impact on CPU loads so as to minimize affecting the day to day server workloads. Our results show potential for significant performance improvements.

Sun-il Kim | Nnamdi Nwanze | William Edmonds

[1] Andrew J. Clark,et al. Data preprocessing for anomaly based network intrusion detection: A review , 2011, Comput. Secur..

[2] Sun-il Kim,et al. Noise-Resistant Payload Anomaly Detection for Network Intrusion Detection Systems , 2008, 2008 IEEE International Performance, Computing and Communications Conference.

[3] Wenke Lee,et al. McPAD: A multiple classifier system for accurate payload-based anomaly detection , 2009, Comput. Networks.

[4] Christopher Krügel,et al. Protecting a Moving Target: Addressing Web Application Concept Drift , 2009, RAID.

[5] Salvatore J. Stolfo,et al. Anagram: A Content Anomaly Detector Resistant to Mimicry Attack , 2006, RAID.

[6] Blake Johnson,et al. On network intrusion detection for deployment in the wild , 2012, 2012 IEEE Network Operations and Management Symposium.

[7] Wenji Wu,et al. G-NetMon: A GPU-accelerated network performance monitoring system for large scale scientific collaborations , 2011, 2011 IEEE 36th Conference on Local Computer Networks.

[8] René Cumplido,et al. High Throughput Signature Based Platform for Network Intrusion Detection , 2013, CIARP.

[9] Wenji Wu,et al. A GPU-accelerated network traffic monitoring and analysis system , 2013, 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).