Graphics processing unit based next generation DDoS prevention system

Abstract

Packet filtering is the main component of prevention systems to protect the network system of the devices against attacks. The algorithm allows the packets to access to network after passing some rules. The packets with decisions are written into a connection table that consists of essential network information. In this paper, we design and implement a massively parallel computation approach of Graphics Processing Unit (GPU) that can be used for network connection tracking. The results show that the GPU based connection table tracking algorithms achieve 90,000,000 packets per second (pps) throughput which is 35 times faster than the packet filtering function defined in Linux kernel.