Project Details
Abstract
Toward the goal of improving network security, firewalls are widely deployed to provide protection by
inspecting source and destination IP addresses, port numbers, protocols, and other packet header fields.
However, since firewalls can only provide limited protection again attacks, network intrusion detection
systems (NIDSs) have been proposed as an alternative for providing greater security by performing deep
packet inspection. Pattern matching, which can consume up to 70% of system execution time, is the most
important factor in overall NIDS system performance. Pattern matching algorithms can be implemented by
software or hardware. Software-based implementations provide better flexibility and programmability than
hardware-based implementations. However, traditional approaches that involve using only a central
processing unit (CPU) have become inadequate for satisfying the required inspection speed. Graphics
processing units (GPUs) have a parallel processing power superior to that of CPUs. Therefore, a number of
pattern matching algorithms using GPUs can be found in the literature. In our previous work (supported by
MOST 102-2221-E-182-034), we have proposed a hybrid CPU/GPU pattern matching algorithm (HPMA)
that divides and distributes the packet-inspection workload between a CPU and GPU. In this two-year
research project, we plan to continue our previous research on multi-pattern matching algorithms using
CPU/GPU cooperation. In the first year, we will focus on designing a comprehensive multi-pattern matching
algorithm that can achieve high packet inspection speed for a wide variety of hardware platforms and
network traffic. The key idea of our proposed algorithm is to dynamically distribute workload between a
CPU and GPU based on factors that may affect the throughput. In the second year, we will devote our efforts
to implementing the algorithm proposed in the first year on multi-core processor-based systems with 10
gigabit Ethernet adapters on Linux. To accelerate packet capture performance, we will use the threaded new
application programming interface (TNAPI), which offers higher packet capture speed than NAPI. We will
modify our proposed pattern-matching algorithm to make it work efficiently with TNAPI. Extensive
experiments will be conducted to verify and fine-tune our algorithm.
Project IDs
Project ID:PB10703-1488
External Project ID:MOST106-2221-E182-017
External Project ID:MOST106-2221-E182-017
Status | Finished |
---|---|
Effective start/end date | 01/08/17 → 31/07/18 |
Keywords
- Multi-pattern matching
- general-purpose graphics processing unit
- network intrusion detection
Fingerprint
Explore the research topics touched on by this project. These labels are generated based on the underlying awards/grants. Together they form a unique fingerprint.