Length-bounded Hybrid CPU/GPU Pattern Matching Algorithm for Deep Packet Inspection

Because applications communicate frequently over high-speed networks, deep packet inspection (DPI) plays an important role in network application awareness. A signature-based network intrusion detection system (NIDS) uses DPI to examine incoming packet payloads with a pattern matching algorithm, and that algorithm dominates overall inspection performance. Existing studies have focused on implementing efficient pattern matching algorithms through parallel programming on software platforms, which offer lower cost and higher scalability. These implementations used either the central processing unit (CPU) or the graphics processing unit (GPU). Our studies focus on designing a pattern matching algorithm based on cooperation between the CPU and the GPU. In this paper, we present an enhanced design of our previous work and introduce the resulting method, a length-bounded hybrid CPU/GPU pattern matching algorithm (LHPMA). In a preliminary experiment, we report its performance and compare it with the previous work; the results show that LHPMA achieves higher throughput than the other tested algorithms.
