An Efficient GPU-Based Multiple Pattern Matching Algorithm for Packet Filtering

Over the past few decades, a wide variety of malicious attacks on the Internet have been discovered. Most of these attacks are carried in packets of different network protocols. Because they spread very quickly, it is difficult to cope with them immediately, which makes packet filtering a critical method of preventing them. However, most software packet-filtering solutions cannot keep up with contemporary network bandwidth. In this paper, we propose a GPU-based multiple-pattern matching algorithm for filtering malicious packets. It uses a Bloom filter to inspect the packet payload and leverages the highly parallel computing power of the GPU. In the experiments, we compare the proposed algorithm, under different GPU implementation technologies, with the sequential Bloom filter algorithm on different platforms. The experimental results demonstrate that the proposed algorithm significantly improves performance over sequential algorithms.
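
The payload inspection the abstract describes, as an added sequential Python example (not code from the paper): every payload offset is tested against a Bloom filter of pattern prefixes, and possible hits are verified exactly. The filter size, hash count, window length, BLAKE2b hashing, the sample patterns and the mapping of one offset to one GPU thread are all assumptions made for this illustration.

```python
import hashlib

M_BITS = 1 << 16   # Bloom filter size in bits (assumed value)
K_HASHES = 3       # number of hash functions (assumed value)
WINDOW = 4         # patterns are indexed by their first WINDOW bytes (assumed)

def _positions(chunk: bytes):
    """Derive K_HASHES bit positions from one digest (double hashing)."""
    d = hashlib.blake2b(chunk, digest_size=16).digest()
    h1 = int.from_bytes(d[:8], "little")
    h2 = int.from_bytes(d[8:], "little") | 1
    return [(h1 + i * h2) % M_BITS for i in range(K_HASHES)]

def build_filter(patterns):
    bits = bytearray(M_BITS // 8)
    by_prefix = {}                      # exact table used for verification
    for p in patterns:
        if len(p) < WINDOW:
            raise ValueError("pattern shorter than the window")
        for pos in _positions(p[:WINDOW]):
            bits[pos >> 3] |= 1 << (pos & 7)
        by_prefix.setdefault(p[:WINDOW], []).append(p)
    return bits, by_prefix

def check_offset(payload, off, bits, by_prefix):
    """Work for one payload offset; it depends on no other offset."""
    win = payload[off:off + WINDOW]
    if not all(bits[pos >> 3] & (1 << (pos & 7)) for pos in _positions(win)):
        return []                       # definite miss: no false negatives
    # Possible hit: compare exactly so Bloom false positives are discarded.
    return [p for p in by_prefix.get(win, []) if payload.startswith(p, off)]

def scan(payload, bits, by_prefix):
    # Sequential loop; on a GPU each offset could be given to its own thread.
    hits = []
    for off in range(len(payload) - WINDOW + 1):
        hits += [(off, p) for p in check_offset(payload, off, bits, by_prefix)]
    return hits

def should_drop(payload, bits, by_prefix):
    return bool(scan(payload, bits, by_prefix))

# Constructed patterns and payload, for illustration only.
PATTERNS = [b"BADSIG-ALPHA", b"BADSIG-BETA", b"X-TEST-MARK"]
BITS, BY_PREFIX = build_filter(PATTERNS)
SAMPLE = b"GET /a HTTP/1.1\r\nX: BADSIG-BETA\r\n"
```

The exact comparison after the filter test matters for a packet filter: without it, a Bloom false positive would drop a benign packet.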
