Traffic Classification over Gbit Speed with Commodity Hardware

This paper discusses necessary components of a GPU-assisted traffic classification method, which is capable of multi-Gbps speeds on commodity hardware. The majority of the traffic classification is pushed to the GPU to offload the CPU, which then may serve other processing intensive tasks, e.g., traffic capture. The paper presents two massively parallelizable algorithms suitable for GPUs. The first one performs signature search using a modification of Zobrist hashing. The second algorithm supports connection pattern-based analysis and aggregation of matches using a parallel-prefix-sum algorithm adapted to GPU. The performance tests of the proposed methods showed that traffic classification is possible up to approximately 6 Gbps with a commodity PC.

[1]  Dap Hartmann,et al.  Memory versus Search in Games , 1998, J. Int. Comput. Games Assoc..

[2]  Sotiris Ioannidis,et al.  Gnort: High Performance Network Intrusion Detection Using Graphics Processors , 2008, RAID.

[3]  István Szabó,et al.  Accurate Traffic Classification , 2007, 2007 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks.

[4]  John W. Lockwood,et al.  Deep packet inspection using parallel bloom filters , 2004, IEEE Micro.

[5]  Konstantina Papagiannaki,et al.  Toward the Accurate Identification of Network Applications , 2005, PAM.

[6]  Michalis Faloutsos,et al.  BLINC: multilevel traffic classification in the dark , 2005, SIGCOMM '05.

[7]  Andrew W. Moore,et al.  Internet traffic classification using bayesian analysis techniques , 2005, SIGMETRICS '05.

[8]  Jia Wang,et al.  Analyzing peer-to-peer traffic across large networks , 2002, IMW '02.

[9]  Nen-Fu Huang,et al.  A GPU-Based Multiple-Pattern Matching Algorithm for Network Intrusion Detection Systems , 2008, 22nd International Conference on Advanced Information Networking and Applications - Workshops (aina workshops 2008).

[10]  nVIDIA社 CUDA Programming Guide 1.1 , 2007 .

[11]  En Zhu,et al.  A Hybrid Parallel Signature Matching Model for Network Security Applications Using SIMD GPU , 2009, APPT.

[12]  Robert M. Hyatt,et al.  The Effect of Hash Signature Collisions in a Chess Program , 2005, J. Int. Comput. Games Assoc..

[13]  Luca Deri,et al.  High-Speed Dynamic Packet Filtering , 2007, Journal of Network and Systems Management.

[14]  Mark J. Harris,et al.  Parallel Prefix Sum (Scan) with CUDA , 2011 .

[15]  Evangelos P. Markatos,et al.  Improving the Performance of Passive Network Monitoring Applications using Locality Buffering , 2007, 2007 15th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems.

[16]  Sotiris Ioannidis,et al.  Regular Expression Matching on Graphics Hardware for Intrusion Detection , 2009, RAID.

[17]  J.B.D. Cabrera,et al.  On the statistical distribution of processing times in network intrusion detection , 2004, 2004 43rd IEEE Conference on Decision and Control (CDC) (IEEE Cat. No.04CH37601).

[18]  Vern Paxson,et al.  The shunt: an FPGA-based accelerator for network intrusion prevention , 2007, FPGA '07.

[19]  Neelam Goyal,et al.  Signature Matching in Network Processing using SIMD / GPU Architectures , 2007 .

[20]  Carla E. Brodley,et al.  Offloading IDS Computation to the GPU , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).