An efficient parallel-network packet pattern-matching approach using GPUs

Abstract In the past few years, the increase in interest usage has been substantial. The high network bandwidth speed and the large amount of threats pose challenges to current network intrusion detection systems, which manage high amounts of network traffic and perform complicated packet processing. Pattern matching is a computationally intensive process included in network intrusion detection systems. In this paper, we present an efficient graphics processing unit (GPU)-based network packet pattern-matching algorithm by leveraging the computational power of GPUs to accelerate pattern-matching operations and subsequently increase the overall processing throughput. According to the experimental results, the proposed algorithm achieved a maximal traffic processing throughput of over 2 Gbit/s. The results demonstrate that the proposed GPU-based algorithm can effectively enhance the performance of network intrusion detection systems.

[1]  Viktor K. Prasanna,et al.  Time and area efficient pattern matching on FPGAs , 2004, FPGA '04.

[2]  Udi Manber,et al.  A FAST ALGORITHM FOR MULTI-PATTERN SEARCHING , 1999 .

[3]  George Varghese,et al.  Applying Fast String Matching to Intrusion Detection , 2001 .

[4]  Doohwan Oh,et al.  Multi-Threading and Suffix Grouping on Massive Multiple Pattern Matching Algorithm , 2012, Comput. J..

[5]  Angelos D. Keromytis,et al.  CryptoGraphics: Secret Key Cryptography Using Graphics Cards , 2005, CT-RSA.

[6]  George Varghese,et al.  Deterministic memory-efficient string matching algorithms for intrusion detection , 2004, IEEE INFOCOM 2004.

[7]  Zhenlong Yuan,et al.  TFD: A multi-pattern matching algorithm for large-scale URL filtering , 2013, 2013 International Conference on Computing, Networking and Communications (ICNC).

[8]  Fabrizio Petrini,et al.  SCAMPI: a scalable CAM-based algorithm for multiple pattern inspection , 2009, Proceedings of the Conference on High Performance Computing Networking, Storage and Analysis.

[9]  Herbert Bos,et al.  Towards Software-Based Signature Detection for Intrusion Prevention on the Network Card , 2005, RAID.

[10]  John W. Lockwood,et al.  A framework for rule processing in reconfigurable network systems , 2005, 13th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM'05).

[11]  Martin Roesch,et al.  Snort - Lightweight Intrusion Detection for Networks , 1999 .

[12]  Carla E. Brodley,et al.  Offloading IDS Computation to the GPU , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[13]  Jens H. Krüger,et al.  A Survey of General‐Purpose Computation on Graphics Hardware , 2007, Eurographics.

[14]  Evangelos P. Markatos,et al.  Generating realistic workloads for network intrusion detection systems , 2004, WOSP '04.

[15]  C.J. Coit,et al.  Towards faster string matching for intrusion detection or exceeding the speed of Snort , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[16]  Robert S. Boyer,et al.  A fast string searching algorithm , 1977, CACM.

[17]  Alfred V. Aho,et al.  Efficient string matching , 1975, Commun. ACM.

[18]  Viktor K. Prasanna,et al.  Fast Regular Expression Matching Using FPGAs , 2001, The 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM'01).

[19]  Beate Commentz-Walter,et al.  A String Matching Algorithm Fast on the Average , 1979, ICALP.

[20]  Donald E. Knuth,et al.  Fast Pattern Matching in Strings , 1977, SIAM J. Comput..

[21]  J.B.D. Cabrera,et al.  On the statistical distribution of processing times in network intrusion detection , 2004, 2004 43rd IEEE Conference on Decision and Control (CDC) (IEEE Cat. No.04CH37601).

[22]  Sotiris Ioannidis,et al.  Gnort: High Performance Network Intrusion Detection Using Graphics Processors , 2008, RAID.

[23]  Yaw-Ling Lin,et al.  Efficient GPGPU-Based Parallel Packet Classification , 2011, 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications.