Efficient Packet Pattern Matching for Gigabit Network Intrusion Detection using GPUs

被引:5
|
作者
Hung, Che-Lun [1 ]
Wang, Hsiao-hsi [2 ]
Chang, Chin-Yuan [2 ]
Lin, Chun-Yuan [3 ]
机构
[1] Providence Univ, Dept Comp Sci & Commun Engn, Taichung, Taiwan
[2] Providence Univ, Dept Comp Sci & Informat Management, Taichung, Taiwan
[3] Chang Gung Univ, Dept Comp Sci & Informat Engn, Taoyuan, Taiwan
来源
2012 IEEE 14TH INTERNATIONAL CONFERENCE ON HIGH PERFORMANCE COMPUTING AND COMMUNICATIONS & 2012 IEEE 9TH INTERNATIONAL CONFERENCE ON EMBEDDED SOFTWARE AND SYSTEMS (HPCC-ICESS) | 2012年
关键词
GPU; parallel processing; patttern matching; intrusion dection systems; COMPUTATION;
D O I
10.1109/HPCC.2012.235
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
With the rapid development of network hardware technologies and network bandwidth, the high link speeds and huge amount of threats poses challenges to network intrusion detection systems, which must handle the higher network traffic and perform more complicated packet processing. In general, pattern matching is a highly computationally intensive process part of network intrusion detection systems. In this paper, we present an efficient GPU-based pattern matching algorithm by leveraging the computational power of GPUs to accelerate the pattern matching operations to increase the over-all processing throughput. From the experiment results, the proposed algorithm achieved a maximum traffic processing throughput of 2.4 Gbit/s. The results demonstrate that GPUs can be used effectively to speed up intrusion detection systems.
引用
收藏
页码:1612 / 1617
页数:6
相关论文
共 50 条
  • [1] Efficient packet matching for gigabit network intrusion detection using TCAMs
    Gao, Ming
    Zhang, Kenong
    Lu, Jiahua
    [J]. 20TH INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS, VOL 1, PROCEEDINGS, 2006, : 249 - +
  • [2] Efficient Pattern Matching on GPUs for Intrusion Detection Systems
    Tumeo, Antonino
    Villa, Oreste
    Sciuto, Donatella
    [J]. PROCEEDINGS OF THE 2010 COMPUTING FRONTIERS CONFERENCE (CF 2010), 2010, : 87 - 88
  • [3] An efficient parallel-network packet pattern-matching approach using GPUs
    Hung, Che-Lun
    Lin, Chun-Yuan
    Wang, Hsiao-Hsi
    [J]. JOURNAL OF SYSTEMS ARCHITECTURE, 2014, 60 (05) : 431 - 439
  • [4] Efficient Network Packet Signature Matching on GPUs
    Pan, Xiaohui
    [J]. 2013 2ND INTERNATIONAL SYMPOSIUM ON INSTRUMENTATION AND MEASUREMENT, SENSOR NETWORK AND AUTOMATION (IMSNA), 2013, : 219 - 222
  • [5] Efficient hardware support for pattern matching in network intrusion detection
    Guinde, Nitesh B.
    Ziavras, Sotirios G.
    [J]. COMPUTERS & SECURITY, 2010, 29 (07) : 756 - 769
  • [6] Efficient long signature matching for gigabit intrusion detection sensors
    Zhang, Kenong
    Gao, Ming
    Lu, Jiahua
    Guan, Xiaohong
    [J]. PROCEEDINGS OF THE 2006 IEEE INTERNATIONAL CONFERENCE ON NETWORKING, SENSING AND CONTROL, 2006, : 953 - 956
  • [7] A String Matching Based Intrusion Detection System for Gigabit Network
    Pan, Shuxia
    Sun, Wangjie
    Zheng, Zhigao
    Sun, Chang
    [J]. PROCEEDINGS OF 2010 ASIA-PACIFIC YOUTH CONFERENCE ON COMMUNICATION, VOLS 1 AND 2, 2010, : 79 - +
  • [8] Gigabit rate packet pattern-matching using TCAM
    Yu, F
    Katz, RH
    Lakshman, TV
    [J]. 12TH IEEE INTERNATIONAL CONFERENCE ON NETWORK PROTOCOLS - PROCEEDINGS, 2004, : 174 - 183
  • [9] EFFICIENT MULTIPLE PATTERN MATCHING ALGORITHMS FOR NETWORK INTRUSION DETECTION SYSTEMS
    Lee, Sunho
    Kim, Dong Kyue
    [J]. 2009 IEEE INTERNATIONAL CONFERENCE ON NETWORK INFRASTRUCTURE AND DIGITAL CONTENT, PROCEEDINGS, 2009, : 609 - 613
  • [10] Shift-or circuit for efficient network intrusion detection pattern matching
    Roan, Huang-Chun
    Hwang, Wen-Jyi
    Lo, Chia-Tien Dan
    [J]. 2006 INTERNATIONAL CONFERENCE ON FIELD PROGRAMMABLE LOGIC AND APPLICATIONS, PROCEEDINGS, 2006, : 785 - 790
12345