Network intrusion detection systems are faced with the challenge of identifying diverse attacks in extremely high-speed networks. For this reason, they must operate at multi-gigabit speeds while performing highly complex per-packet and per-flow data processing. In this paper, we present a multi-parallel intrusion detection architecture tailored for high-speed networks. To cope with the increased processing throughput requirements, our system parallelizes network traffic processing and analysis at three levels, using multi-queue NICs, multiple CPUs, and multiple GPUs. The proposed design avoids locking, optimizes data transfers between the different processing units, and speeds up data processing by mapping different operations to the processing units where they are best suited. Our experimental evaluation shows that our prototype implementation, based on commodity off-the-shelf equipment, can reach processing speeds of up to 5.2 Gbit/s with zero packet loss when analyzing traffic in a real network, whereas the pattern matching engine alone reaches speeds of up to 70 Gbit/s, which is an almost fourfold improvement over prior solutions that use specialized hardware.