Signature Matching in Network Processing Using SIMD/GPU Architectures
| Sorted by Date | Classified by Publication Type | Classified by Research Category |
Neelam Goyal, Justin Ormont, Randy Smith, Karthikeyan Sankaralingam, and Cristian Estan. Signature Matching in Network Processing Using SIMD/GPU Architectures. Technical Report TR1628, Department of Computer Sciences, The University of Wisconsin-Madison, 2008.
Download
Abstract
Deep packet inspection is becoming prevalent for modern networkprocessing systems. They inspect packet payloads for a variety ofreasons, including intrusion detection, traffic policing, and loadbalancing. The focus of this paper is deep packet inspection inintrusion detection/prevention systems (IPSes). The performancecritical operation in these systems is signature matching: matchingpayloads against signatures of vulnerabilities. Increasing networkspeeds of today's networks and the transition from simplestring-based signatures to complex regular expressions has rapidlyincreased the performance requirement of signature matching.To meetthese requirements, solutions range from hardware-centric ASIC/FPGAimplementations to software implementations using high-performancemicroprocessors. In this paper, we propose a programmable SIMDarchitecture design for IPSes and develop a prototype implementationon an Nvidia G80 GPU. We first present a detailed architectural andmicroarchitectural analysis of signature matching. Our analysis showsthat signature matching is well suited for SIMD processing because ofregular control flow and parallelism available at the packet level. Weexamine the conventional approach of using deterministic finiteautomata (DFAs) and a new approach called extended finite automata(XFAs) which require far less memory than DFAs, but require scratchmemory and small amounts of computation in each state. We thendescribe a SIMD design to implement DFAs and XFAs. Using a SIMDarchitecture provides flexibility, programmability, and designproductivity which ASICs lack, while being area and power efficientwhich superscalar processors lack. Finally, we develop a prototypeimplementation using the G80 GPU as an example SIMDimplementation. This system out-performs a Pentium4 by up to 9X andshows SIMD systems are a promising candidate for signature matching.
Additional Information
This is a test of the extra info broadcasting system.
BibTeX
@TECHREPORT{XFAGPU2008,
AUTHOR = {Neelam Goyal and Justin Ormont and Randy Smith and Karthikeyan Sankaralingam and Cristian Estan},
TITLE = "{Signature Matching in Network Processing Using SIMD/GPU Architectures}",
abstract = {
Deep packet inspection is becoming prevalent for modern network
processing systems. They inspect packet payloads for a variety of
reasons, including intrusion detection, traffic policing, and load
balancing. The focus of this paper is deep packet inspection in
intrusion detection/prevention systems (IPSes). The performance
critical operation in these systems is signature matching: matching
payloads against signatures of vulnerabilities. Increasing network
speeds of today's networks and the transition from simple
string-based signatures to complex regular expressions has rapidly
increased the performance requirement of signature matching.To meet
these requirements, solutions range from hardware-centric ASIC/FPGA
implementations to software implementations using high-performance
microprocessors. In this paper, we propose a programmable SIMD
architecture design for IPSes and develop a prototype implementation
on an Nvidia G80 GPU. We first present a detailed architectural and
microarchitectural analysis of signature matching. Our analysis shows
that signature matching is well suited for SIMD processing because of
regular control flow and parallelism available at the packet level. We
examine the conventional approach of using deterministic finite
automata (DFAs) and a new approach called extended finite automata
(XFAs) which require far less memory than DFAs, but require scratch
memory and small amounts of computation in each state. We then
describe a SIMD design to implement DFAs and XFAs. Using a SIMD
architecture provides flexibility, programmability, and design
productivity which ASICs lack, while being area and power efficient
which superscalar processors lack. Finally, we develop a prototype
implementation using the G80 GPU as an example SIMD
implementation. This system out-performs a Pentium4 by up to 9X and
shows SIMD systems are a promising candidate for signature matching.
},
INSTITUTION = {Department of Computer Sciences, The University of Wisconsin-Madison},
SCHOOL = {The University of Wisconsin-Madison},
ADDRESS = {Madison, WI},
YEAR = 2008,
MONTH = {December},
NUMBER = {TR1628},
bib_dl = {http://www.cs.wisc.edu/techreports/viewreport.php?report=1628},
bib_dl_pdf = {http://www.cs.wisc.edu/techreports/2008/TR1628.pdf},
bib_pubtype = {Tech Report},
bib_rescat = {Architecture},
bib_extra_info = {This is a test of the extra info broadcasting system.}
}
Generated by bib.pl (written by Patrick Riley ) on Thu Mar 04, 2021 10:09:29 time=1207019082