A Highly-Efficient Memory-Compression Scheme for GPU-Accelerated Intrusion Detection Systems

@article{Bellekens2014AHM,
  title={A Highly-Efficient Memory-Compression Scheme for GPU-Accelerated Intrusion Detection Systems},
  author={Xavier J. A. Bellekens and Christos Tachtatzis and Robert C. Atkinson and Craig Renfrew and Tony Kirkham},
  journal={ArXiv},
  year={2014},
  volume={abs/1704.02272}
}
Pattern Matching is a computationally intensive task used in many research fields and real world applications. Due to the ever-growing volume of data to be processed, and increasing link speeds, the number of patterns to be matched has risen significantly. In this paper we explore the parallel capabilities of modern General Purpose Graphics Processing Units (GPGPU) applications for high speed pattern matching. A highly compressed failure-less Aho-Corasick algorithm is presented for Intrusion… 
Multiple Pattern Matching for Network Security Applications: Acceleration through Vectorization
TLDR
This paper introduces efficient algorithmic designs for multiple pattern matching which ensure cache locality and utilize modern SIMD instructions, and shows how cache-locality combined with SIMD gather instructions, introduced in 2013 to Intel's family of processors, can be applied to pattern matching.
Strategies for Protecting Intellectual Property when Using CUDA Applications on Graphics Processing Units
TLDR
This work carries out a review of the different binary output formats which may be encountered from the CUDA compiler, and their implications on reverse engineering, and shows that the Nvidia compiler, using default settings, leaks useful information.
Co-evaluation of pattern matching algorithms on IoT devices with embedded GPUs
TLDR
A systematic and comprehensive benchmark that allows us to co-evaluate both existing and new pattern matching algorithms on heterogeneous devices equipped with embedded GPUs, suitable for medium- to high-level IoT deployments and proposes HYBRID, a new pattern matching approach that efficiently combines techniques from existing approaches and outperforms them by 1.4x, across a range of realistic and synthetic data sets.
Trie Compression for GPU Accelerated Multi-Pattern Matching
TLDR
A trie compression algorithm for massively parallel pattern matching is presented demonstrating 85% less space requirements than the original highly efficient parallel failure-less Aho-Corasick, whilst demonstrating over 22 Gbps throughput.
Ensemble based collaborative and distributed intrusion detection systems: A survey
Machine Learning Approach for Detection of nonTor Traffic
TLDR
A hybrid artificial neural network proved a better classifier than SVM in detecting nonTor traffic in the UNB-CIC Tor Network Traffic dataset, and experimental results show that both algorithms could detect nonTor traffic in the dataset.
Toward an Online Network Intrusion Detection System Based on Ensemble Learning
TLDR
A stacked ensemble learning based ANIDS that consists of autoencoder (AE), support vector machine (SVM), and random forest (RF) models is presented that can also limit both false positive and false negative predictions.
CryptoKnight: Generating and Modelling Compiled Cryptographic Primitives
TLDR
A novel approach for the classification of cryptographic primitives in compiled binary executables using deep learning is presented, using core primitives from OpenSSL with multivariate obfuscation, to draw a vastly scalable distribution.
A survey of intrusion detection system technologies
TLDR
This paper provides an overview of IDS types and how they work as well as configuration considerations and issues that affect them and aims to be a reference on IDS technologies for other researchers and developers interested in the field of intrusion detection.

References

Fast, Large-Scale String Match for a 10Gbps FPGA-Based Network Intrusion Detection System
TLDR
This paper employs a scalable, low-latency architecture, and uses extensive fine-grain pipelining to tackle the fan-out, match, and encode bottlenecks and achieve operating frequencies in excess of 340MHz for fast Virtex devices.
A Highly-Efficient Memory-Compression Approach for GPU-Accelerated Virus Signature Matching
TLDR
An approach for implementing highly compressed Aho-Corasick and Commentz-Walter automatons for performing GPU-accelerated virus scanning, suitable for implementation in real-world software and hardware systems and shows how memory consumption can be improved dramatically, both in the pre-processing stage and at run-time.
Accelerating String Matching Using Multi-Threaded Algorithm on GPU
TLDR
A novel parallel algorithm to speedup string matching performed on GPUs is proposed and a new state machine for string matching is innovated, the state machine of which is more suitable to be performed on GPU.
Parallel Text Matching Using GPGPU
  • Ryosuke Takahashi, Ushio Inoue
  • Computer Science
    2012 13th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing
  • 2012
TLDR
The evaluation results show that the performance of the system using GPGPU is better than a system using 4-core CPU with smaller power consumption, and an open-source PFAC library is currently available.
Offloading IDS Computation to the GPU
  • N. Jacob, C. Brodley
  • Computer Science
    2006 22nd Annual Computer Security Applications Conference (ACSAC'06)
  • 2006
Signature-matching intrusion detection systems can experience significant decreases in performance when the load on the IDS-host increases. We propose a solution that off-loads some of the
GrAVity: A Massively Parallel Antivirus Engine
TLDR
GrAVity, a massively parallel antivirus engine utilizing the compute power of modern graphics processors, that contain hundreds of hardware microprocessors, suggests that modern graphics cards can be used effectively to perform heavy-duty anti-malware operations at speeds that cannot be matched by traditional CPU based techniques.
Fast Virus Signature Matching Based on the High Performance Computing of GPU
  • Yang Cheng
  • Computer Science
    2010 Second International Conference on Communication Software and Networks
  • 2010
TLDR
The system uses the GPU as a fast filter to quickly identify possible virus signatures for thousands of data objects in parallel and the performance of the library suggests that the GPU is now a viable platform for cost-effective, high-performance network security processing.
Prefix trees: new efficient data structures for matching strings of different lengths
  • N. Yazdani, P. S. Min
  • Computer Science
    Proceedings 2001 International Database Engineering and Applications Symposium
  • 2001
TLDR
A simple scheme for comparing and sorting strings of different lengths first, then a binary prefix tree is proposed and extended to two m-way tree structures, static m-way prefix tree and dynamic m-way prefix tree later.
Implementation results of bloom filters for string matching
TLDR
A string matching circuit has been implemented within the FPX platform using Bloom filters to scan Internet packets for malicious content using field programmable gate array technology.
Programming Massively Parallel Processors. A Hands-on Approach
  • Jie Cheng
  • Computer Science
    Scalable Comput. Pract. Exp.
  • 2010
TLDR
This comprehensive test/reference provides a foundation for the understanding and implementation of parallel programming skills which are needed to achieve breakthrough results by developing parallel applications that perform well on certain classes of Graphic Processor Units (GPUs).