Abstract

The large quantities of data now being transferred via high-speed networks have made deep packet inspection indispensable for security purposes. Scalable and low-cost signature-based network intrusion detection systems have been developed for deep packet inspection for various software platforms. Traditional approaches that only involve central processing units (CPUs) are now considered inadequate in terms of inspection speed. Graphic processing units (GPUs) have superior parallel processing power, but transmission bottlenecks can reduce optimal GPU efficiency. In this paper we describe our proposal for a hybrid CPU/GPU pattern-matching algorithm (HPMA) that divides and distributes the packet-inspecting workload between a CPU and GPU. All packets are initially inspected by the CPU and filtered using a simple pre-filtering algorithm, and packets that might contain malicious content are sent to the GPU for further inspection. Test results indicate that in terms of random payload traffic, the matching speed of our proposed algorithm was 3.4 times and 2.7 times faster than those of the AC-CPU and AC-GPU algorithms, respectively. Further, HPMA achieved higher energy efficiency than the other tested algorithms.

Highlights

  • Conventional network security systems such as firewalls provide protection by inspecting packet headers for abnormal IP addresses, ports, and protocols

  • Throughput continued to increase when the pre-filter operated with 6 or 7 central processing unit (CPU) threads due to performance compensation attributed to increased parallelism, but another sharp decrease in throughput was observed when the number of CPU threads was increased to eight, likely because other system processes were being executed in one HT core, resulting in greater resource contention

  • We found that the percentage of intrusive packets exerted almost no impact on hybrid CPU/GPU pattern-matching algorithm (HPMA)-AC throughput when the number of CPU threads did not exceed 4


Summary

Introduction

Conventional network security systems such as firewalls provide protection by inspecting packet headers for abnormal IP addresses, ports, and protocols. Examining headers does not ensure security, especially from the perspective of application layers [1,2,3]; network intrusion detection systems (NIDSs) have been developed to provide greater security. A NIDS can be categorized as anomaly-based or signature-based. Anomaly-based NIDSs detect intrusions by monitoring network activity and determining if any abnormal behavior occurs [4,5,6]. Signature-based NIDSs determine whether incoming packet payloads contain malicious content, defined as “signatures” or “patterns.” When such patterns are found, systems generate alert messages to administrators in an effort to protect other network devices. Since signature-based NIDSs generally provide better detection against known attacks, they have been the focus of a larger number of studies.
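The two-stage design described in the abstract (a cheap CPU-side pre-filter that clears most traffic, with exact multi-pattern matching reserved for the packets that pass) can be illustrated with a small, single-threaded model. The code below is an added example written for this page, not the paper's implementation: the pre-filter is a 64 KiB bitmap of signature prefix pairs (an assumption chosen for brevity; the paper's pre-filter may work differently), the exact stage is Aho-Corasick (the "AC" of the abstract) run on the CPU instead of a GPU, and the signatures and packets are constructed samples. What it shows is the property a pre-filter must have to be safe: it may forward clean packets (a false positive, later rejected by the exact stage) but must never drop a packet that actually carries a signature.

```python
"""Two-stage signature matching: cheap pre-filter, then exact verification.
Added example, not the paper's code. Signatures and packets are constructed."""
from collections import deque


class AhoCorasick:
    """Exact multi-pattern matcher (the 'AC' stage). Patterns are bytes."""

    def __init__(self, patterns):
        self.goto = [{}]   # goto[state][byte] -> next state
        self.fail = [0]    # failure link per state
        self.out = [[]]    # patterns that end in each state
        for p in patterns:
            s = 0
            for b in p:
                if b not in self.goto[s]:
                    self.goto.append({}); self.fail.append(0); self.out.append([])
                    self.goto[s][b] = len(self.goto) - 1
                s = self.goto[s][b]
            self.out[s].append(p)
        q = deque(self.goto[0].values())          # depth-1 states fail to root
        while q:
            r = q.popleft()
            for b, s in self.goto[r].items():
                q.append(s)
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                self.out[s] += self.out[self.fail[s]]  # inherit suffix matches

    def search(self, data):
        """Return [(start_offset, pattern), ...] for every occurrence."""
        s, hits = 0, []
        for i, b in enumerate(data):
            while s and b not in self.goto[s]:
                s = self.fail[s]
            s = self.goto[s].get(b, 0)
            for p in self.out[s]:
                hits.append((i - len(p) + 1, p))
        return hits


class PrefixPrefilter:
    """Cheap first stage (assumed design): a 64 KiB bitmap indexed by a 2-byte
    window. A packet is 'suspicious' if any window equals the first two bytes
    of some signature; 1-byte signatures use a 256-entry byte table. A packet
    that contains a signature always contains that signature's prefix, so the
    filter has no false negatives."""

    def __init__(self, patterns):
        self.pairs = bytearray(65536)
        self.singles = bytearray(256)
        for p in patterns:
            if len(p) >= 2:
                self.pairs[(p[0] << 8) | p[1]] = 1
            elif len(p) == 1:
                self.singles[p[0]] = 1

    def suspicious(self, data):
        for i in range(len(data)):
            if self.singles[data[i]]:
                return True
            if i + 1 < len(data) and self.pairs[(data[i] << 8) | data[i + 1]]:
                return True
        return False


class HybridMatcher:
    """Pre-filter every packet; run exact matching only on those forwarded."""

    def __init__(self, patterns):
        self.pre = PrefixPrefilter(patterns)
        self.ac = AhoCorasick(patterns)
        self.stats = {"packets": 0, "forwarded": 0, "alerts": 0}

    def inspect(self, packets):
        alerts = []
        for idx, pkt in enumerate(packets):
            self.stats["packets"] += 1
            if not self.pre.suspicious(pkt):
                continue                      # cleared by the cheap stage
            self.stats["forwarded"] += 1      # would be shipped to the GPU
            hits = self.ac.search(pkt)
            if hits:
                self.stats["alerts"] += 1
                alerts.append((idx, hits))
        return alerts


# Constructed signatures and payloads (not from any real rule set or capture).
SIGNATURES = [b"/etc/passwd", b"cmd.exe", b"\x90\x90\x90\x90"]
SAMPLE_PACKETS = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",   # clean, filtered
    b"GET /cgi-bin/x?f=../../etc/passwd HTTP/1.0",               # true hit
    b"POST /login cmd=echo HTTP/1.1",      # prefix 'cm' passes filter, AC rejects
    b"\x01\x02\x03\x04",                                          # clean, filtered
]

if __name__ == "__main__":
    m = HybridMatcher(SIGNATURES)
    print(m.inspect(SAMPLE_PACKETS), m.stats)
```

Of the four constructed packets, two are forwarded and one raises an alert; the third packet is the instructive case, since it shows the exact stage discarding a pre-filter false positive. In the paper's setting the forwarded fraction is what determines how much PCIe transfer and GPU time the hybrid saves, which is why the highlights above measure throughput against the percentage of intrusive packets.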

