Accelaration of Preprocessors of the Snort Network Intrusion Detection System Using General Purpose Graphics Processing Unit
No Thumbnail Available
Date
2015-04
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Addis Ababa University
Abstract
Advances in networking technologies enable interactions and communications at
high speeds and large data volumes. But, securing data and the infrastructure
has become a big issue. Intrusion Detection Systems such as Snort play an important
role to secure the network. Intrusion detection systems are used to monitor
networks for unauthorized access. Snort has a packet decoder, pre-processor, detection
engine and an alerting system. The detection engine is the most compute
intensive part followed by the pre-processor. Previous work has shown how general
purpose graphics processing units(GP-GPU) can be used to accellerate the
detection engine. This work focused on the pre-processors of Snort, speci cally,
the stream5 pre-processor as pro ling revealed it to be the most time consuming
of the pre-processors. The analysis shows that the individual implementation of
stream5 using Compute Uni ed Device Architecture(CUDA) achieved up to ve
times speed up over the baseline. Also, an over all 15.5 percent speed up on the
Defense Advanced Research Projects Agency(DARPA) intrusion detection system
dataset was observed when integrated in Snort.
Key words: Intrusion Detection System, Snort, Graphics Processing Unit,
CUDA, Parallelization, Porting, Preprocessor.
Description
Keywords
Intrusion Detection System, Snort, Graphics Processing Unit, Cuda, Parallelization, Porting, Preprocessor