MIDeA: a multi-parallel intrusion detection architecture
Foundation for Research and Technology – Hellas , Heraklion, Greece
Proceedings of the 18th ACM conference on Computer and communications security (CCS ’11), 2011
@inproceedings{vasiliadis2011midea,
title={MIDeA: a multi-parallel intrusion detection architecture},
author={Vasiliadis, G. and Polychronakis, M. and Ioannidis, S.},
booktitle={Proceedings of the 18th ACM conference on Computer and communications security},
pages={297–308},
year={2011},
organization={ACM}
}
Network intrusion detection systems are faced with the challenge of identifying diverse attacks, in extremely high speed networks. For this reason, they must operate at multi-Gigabit speeds, while performing highly-complex per-packet and per-flow data processing. In this paper, we present a multi-parallel intrusion detection architecture tailored for high speed networks. To cope with the increased processing throughput requirements, our system parallelizes network traffic processing and analysis at three levels, using multi-queue NICs, multiple CPUs, and multiple GPUs. The proposed design avoids locking, optimizes data transfers between the different processing units, and speeds up data processing by mapping different operations to the processing units where they are best suited. Our experimental evaluation shows that our prototype implementation based on commodity off-the-shelf equipment can reach processing speeds of up to 5.2 Gbit/s with zero packet loss when analyzing traffic in a real network, whereas the pattern matching engine alone reaches speeds of up to 70 Gbit/s, which is an almost four times improvement over prior solutions that use specialized hardware.
December 27, 2011 by hgpu
