Gnort: High Performance Network Intrusion Detection Using Graphics Processors
نویسندگان
چکیده
The constant increase in link speeds and number of threats poses challenges to network intrusion detection systems (NIDS), which must cope with higher traffic throughput and perform even more complex per-packet processing. In this paper, we present an intrusion detection system based on the Snort open-source NIDS that exploits the underutilized computational power of modern graphics cards to offload the costly pattern matching operations from the CPU, and thus increase the overall processing throughput. Our prototype system, called Gnort, achieved a maximum traffic processing throughput of 2.3 Gbit/s using synthetic network traces, while when monitoring real traffic using a commodity Ethernet interface, it outperformed unmodified Snort by a factor of two. The results suggest that modern graphics cards can be used effectively to speed up intrusion detection systems, as well as other systems that involve pattern matching operations.
منابع مشابه
Improvement and parallelization of Snort network intrusion detection mechanism using graphics processing unit
Nowadays, Network Intrusion Detection Systems (NIDS) are widely used to provide full security on computer networks. IDS are categorized into two primary types, including signature-based systems and anomaly-based systems. The former is more commonly used than the latter due to its lower error rate. The core of a signature-based IDS is the pattern matching. This process is inherently a computatio...
متن کاملIntrusion Detection Architecture Utilizing Graphics Processors
With the thriving technology and the great increase in the usage of computer networks, the risk of having these network to be under attacks have been increased. Number of techniques have been created and designed to help in detecting and/or preventing such attacks. One common technique is the use of Intrusion Detection Systems (IDS). Today, number of open sources and commercial IDS are availabl...
متن کاملA Flexible Pattern-Matching Algorithm for Network Intrusion Detection Systems Using Multi-Core Processors
As part of network security processes, network intrusion detection systems (NIDSs) determine whether incoming packets contain malicious patterns. Pattern matching, the key NIDS component, consumes large amounts of execution time. One of several trends involving general-purpose processors (GPPs) is their use in software-based NIDSs. In this paper, we describe our proposal for an efficient and fl...
متن کاملAccelerating Outlier Detection with Uncertain Data Using Graphics Processors
Outlier detection (also known as anomaly detection) is a common data mining task in which data points that lie outside expected patterns in a given dataset are identified. This is useful in areas such as fault detection, intrusion detection and in pre-processing before further analysis. There are many approaches already in use for outlier detection, typically adapting other existing data mining...
متن کاملA Survey on Intrusion Detection System Using Data Mining Techniques
Nowadays, an increasing number of populations are accessing the Internet for commercial services which is the major cause for attack. Threats are created everyday by an individual or by the organization that attacks the network system. Unusual Malicious activities and unauthorized access are identified by observing the network in Intrusion Detection System. IDS is a passive monitoring system, i...
متن کامل