Efficient Parallel Muti-pattern Matching Using GPGPU Acceleration for Packet Filtering

In the past decades, the Internet usage has increased dramatically. For the network security, the network packet filtering is an important strategy to identify malicious network packets. However, malicious attacks spread much faster than network administrators can respond. The software-only implementations of filter are unlikely to meet the performance goals. Therefore, we develop a novel GPGPU-based parallel packet classification approach by adopting bloom filter to inspect the packet payload by leveraging the computation power of GPGPU. The experiment results present that the proposed algorithm can be significantly enhanced the performance of filtering packets. According to the experimental results, the proposed method can achieve over 5.4 times speed up over the sequential bloom filter on single CPU.

[1]  Che-Lun Hung,et al.  An efficient parallel-network packet pattern-matching approach using GPUs , 2014, J. Syst. Archit..

[2]  J.B.D. Cabrera,et al.  On the statistical distribution of processing times in network intrusion detection , 2004, 2004 43rd IEEE Conference on Decision and Control (CDC) (IEEE Cat. No.04CH37601).

[3]  Udi Manber,et al.  A FAST ALGORITHM FOR MULTI-PATTERN SEARCHING , 1999 .

[4]  Sotiris Ioannidis,et al.  Gnort: High Performance Network Intrusion Detection Using Graphics Processors , 2008, RAID.

[5]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[6]  George Varghese,et al.  Applying Fast String Matching to Intrusion Detection , 2001 .

[7]  Angelos D. Keromytis,et al.  CryptoGraphics: Secret Key Cryptography Using Graphics Cards , 2005, CT-RSA.

[8]  Herbert Bos,et al.  Towards Software-Based Signature Detection for Intrusion Prevention on the Network Card , 2005, RAID.

[9]  Viktor K. Prasanna,et al.  Time and area efficient pattern matching on FPGAs , 2004, FPGA '04.

[10]  George Varghese,et al.  Deterministic memory-efficient string matching algorithms for intrusion detection , 2004, IEEE INFOCOM 2004.

[11]  John W. Lockwood,et al.  A framework for rule processing in reconfigurable network systems , 2005, 13th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM'05).

[12]  Martin Roesch,et al.  Snort - Lightweight Intrusion Detection for Networks , 1999 .

[13]  Alfred V. Aho,et al.  Efficient string matching , 1975, Commun. ACM.

[14]  C.J. Coit,et al.  Towards faster string matching for intrusion detection or exceeding the speed of Snort , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[15]  Robert S. Boyer,et al.  A fast string searching algorithm , 1977, CACM.

[16]  Carla E. Brodley,et al.  Offloading IDS Computation to the GPU , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[17]  Chang-Su Kim,et al.  Optimized contrast enhancement for real-time image and video dehazing , 2013, J. Vis. Commun. Image Represent..

[18]  Beate Commentz-Walter,et al.  A String Matching Algorithm Fast on the Average , 1979, ICALP.

[19]  Ronald L. Rivest,et al.  Introduction to Algorithms , 1990 .

[20]  Xin-She Yang,et al.  Introduction to Algorithms , 2021, Nature-Inspired Optimization Algorithms.

[21]  Viktor K. Prasanna,et al.  Fast Regular Expression Matching Using FPGAs , 2001, The 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM'01).

[22]  Donald E. Knuth,et al.  Fast Pattern Matching in Strings , 1977, SIAM J. Comput..