Regular Expression Matching on Graphics Hardware for Intrusion Detection
Institute of Computer Science, Foundation for Research and Technology – Hellas
Recent Advances in Intrusion Detection, Lecture Notes in Computer Science, 2009, Volume 5758/2009, 265-283
@conference{vasiliadis2009regular,
title={Regular expression matching on graphics hardware for intrusion detection},
author={Vasiliadis, G. and Polychronakis, M. and Antonatos, S. and Markatos, E. and Ioannidis, S.},
booktitle={Recent Advances in Intrusion Detection},
pages={265–283},
year={2009},
organization={Springer}
}
The expressive power of regular expressions has been often exploited in network intrusion detection systems, virus scanners, and spam filtering applications. However, the flexible pattern matching functionality of regular expressions in these systems comes with significant overheads in terms of both memory and CPU cycles, since every byte of the inspected input needs to be processed and compared against a large set of regular expressions. In this paper we present the design, implementation and evaluation of a regular expression matching engine running on graphics processing units (GPUs). The significant spare computational power and data parallelism capabilities of modern GPUs permits the efficient matching of multiple inputs at the same time against a large set of regular expressions. Our evaluation shows that regular expression matching on graphics hardware can result to a 48 times speedup over traditional CPU implementations and up to 16 Gbit/s in processing throughput. We demonstrate the feasibility of GPU regular expression matching by implementing it in the popular Snort intrusion detection system, which results to a 60% increase in the packet processing throughput.
February 5, 2011 by hgpu