Offloading IDS Computation to the GPU
Tufts University, Computer Science Department, 161 College Ave, Medford, MA 02155
22nd Annual Computer Security Applications Conference, 2006. ACSAC ’06, p.371-380
@conference{jacob2006offloading,
title={Offloading IDS Computation to the GPU},
author={Jacob, N. and Brodley, C.},
booktitle={Computer Security Applications Conference, 2006. ACSAC’06. 22nd Annual},
pages={371–380},
isbn={0769527167},
issn={1063-9527},
year={2006},
organization={IEEE}
}
Signature-matching intrusion detection systems can experience significant decreases in performance when the load on the IDS-host increases. We propose a solution that off-loads some of the computation performed by the IDS to the graphics processing unit (GPU). Modern GPUs are programmable, stream-processors capable of high-performance computing that in recent years have been used in non-graphical computing tasks. The major operation in a signature-matching IDS is matching values seen operation to known black-listed values, as such, our solution implements the string-matching on the GPU. The results show that as the CPU load on the IDS host system increases, PixelSnort’s performance is significantly more robust and is able to outperform conventional Snort by up to 40%.
December 23, 2010 by hgpu