{"title":"High-Speed Pattern Matching Algorithm with CPU/GPU Cooperation for Network Intrusion Detection Systems","authors":"Chun-Liang Lee, Guan-Zhang Chen, K. Lu","doi":"10.12792/ICIAE2019.033","DOIUrl":null,"url":null,"abstract":"Network intrusion detection systems (NIDSs) have been widely deployed in the Internet to protect Internet-enabled devices from malicious attacks by performing deep packet inspection (DPI). Pattern matching plays an important role in DPI, and consumes a significant portion of system execution time for NIDSs. In this paper, we propose a high-speed pattern matching algorithm with CPU/GPU cooperation. Incoming packets are first inspected by CPU to quickly filter out suspicious packets that may contain malicious patterns. Then GPU, which has superior parallel computing power, takes over to determine if a suspicious packet does contain malicious patterns. In addition, in our proposed algorithm, GPU does not have to inspect the entire payload of a packet, but instead can bypass the partial packet payload that has been inspected by CPU. Through the cooperation between CPU and GPU, our proposed algorithm can achieve higher pattern matching speeds than other algorithms. 
Simulation results show that even in the case that all packets contain malicious patterns, our proposed algorithm can achieve a matching speed of 15 Gbps.","PeriodicalId":173819,"journal":{"name":"Proceedings of The 7th IIAE International Conference on Industrial Application Engineering 2019","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-01-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of The 7th IIAE International Conference on Industrial Application Engineering 2019","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.12792/ICIAE2019.033","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
Network intrusion detection systems (NIDSs) have been widely deployed on the Internet to protect Internet-enabled devices from malicious attacks by performing deep packet inspection (DPI). Pattern matching plays an important role in DPI and consumes a significant portion of system execution time for NIDSs. In this paper, we propose a high-speed pattern matching algorithm with CPU/GPU cooperation. Incoming packets are first inspected by the CPU to quickly filter out suspicious packets that may contain malicious patterns. The GPU, which has superior parallel computing power, then takes over to determine whether a suspicious packet does contain malicious patterns. In addition, in our proposed algorithm, the GPU does not have to inspect the entire payload of a packet, but can instead bypass the part of the packet payload that has already been inspected by the CPU. Through the cooperation between CPU and GPU, our proposed algorithm can achieve higher pattern matching speeds than other algorithms. Simulation results show that even when all packets contain malicious patterns, our proposed algorithm can achieve a matching speed of 15 Gbps.