GPU-Accelerated Multi-Pattern Matching Algorithms for Network Intrusion Detection Systems

Project: National Science and Technology Council; National Science and Technology Council Academic Grants

Project Details

Abstract

Toward the goal of improving network security, firewalls are widely deployed to provide protection by inspecting source and destination IP addresses, port numbers, protocols, and other packet header fields. However, since firewalls can provide only limited protection against attacks, network intrusion detection systems (NIDSs) have been proposed as an alternative for providing greater security by performing deep packet inspection. Pattern matching, which can consume up to 70% of system execution time, is the most important factor in overall NIDS performance. Pattern matching algorithms can be implemented in software or hardware. Software-based implementations provide better flexibility and programmability than hardware-based implementations. However, traditional approaches that use only a central processing unit (CPU) have become inadequate for satisfying the required inspection speed. Graphics processing units (GPUs) have parallel processing power superior to that of CPUs, and a number of GPU-based pattern matching algorithms can therefore be found in the literature.

In our previous work (supported by MOST 102-2221-E-182-034), we proposed a hybrid CPU/GPU pattern matching algorithm (HPMA) that divides and distributes the packet-inspection workload between a CPU and a GPU. In this two-year research project, we plan to continue our previous research on multi-pattern matching algorithms using CPU/GPU cooperation. In the first year, we will focus on designing a comprehensive multi-pattern matching algorithm that can achieve high packet inspection speed across a wide variety of hardware platforms and network traffic. The key idea of our proposed algorithm is to dynamically distribute the workload between a CPU and a GPU based on factors that may affect throughput. In the second year, we will devote our efforts to implementing the algorithm proposed in the first year on multi-core processor-based systems with 10 gigabit Ethernet adapters on Linux.

To accelerate packet capture performance, we will use the threaded new application programming interface (TNAPI), which offers higher packet capture speed than NAPI. We will modify our proposed pattern-matching algorithm to make it work efficiently with TNAPI. Extensive experiments will be conducted to verify and fine-tune our algorithm.

Project IDs

Project ID: PB10703-1488
External Project ID: MOST106-2221-E182-017
Status: Finished
Effective start/end date: 01/08/17 to 31/07/18

Keywords

  • Multi-pattern matching
  • General-purpose graphics processing unit
  • Network intrusion detection
