Evaluating GPUs for Network Packet Signature Matching


Randy Smith, Neelam Goyal, Justin Ormont, Karthikeyan Sankaralingam, and Cristian Estan. Evaluating GPUs for Network Packet Signature Matching. In Proceedings of the International Symposium on Performance Analysis of Systems and Software, 2009.

Download

[PDF] [Slides]

Abstract

Modern network devices employ deep packet inspection to enable sophisticated services such as intrusion detection, traffic shaping, and load balancing. At the heart of such services is a signature matching engine that must match packet payloads to multiple signatures at line rates. However, the recent transition to complex regular-expression based signatures coupled with ever-increasing network speeds has rapidly increased the performance requirements of signature matching. Solutions to meet these requirements range from hardware-centric ASIC/FPGA implementations to software implementations using high-performance microprocessors. In this paper, we propose a programmable signature matching system prototyped on an Nvidia G80 GPU. We first present a detailed architectural and microarchitectural analysis, showing that signature matching is well suited for SIMD processing because of regular control flow and parallelism available at the packet level. Next, we examine two approaches for matching signatures: standard deterministic finite automata (DFAs) and extended finite automata (XFAs), which use far less memory than DFAs but require specialized auxiliary memory and small amounts of computation in most states. We implement a fully functional prototype on the SIMD-based G80 GPU. This system out-performs a Pentium4 by up to 9X and a Niagara-based 32-threaded system by up to 2.3X and shows that GPUs are a promising candidate for signature matching.

BibTeX

 @inproceedings{ispass2009:xfagpu,
   author={Randy Smith and Neelam Goyal and Justin Ormont and Karthikeyan Sankaralingam and Cristian Estan},
   title="{Evaluating GPUs for Network Packet Signature Matching}",
   booktitle = "{Proceedings of the International Symposium on Performance Analysis of Systems and Software}",
   year={2009},
   abstract = {
 Modern network devices employ deep packet inspection to enable
 sophisticated services such as intrusion detection, traffic shaping,
 and load balancing.  At the heart of such services is a signature
 matching engine that must match packet payloads to multiple signatures
 at line rates.  However, the recent transition to complex
 regular-expression based signatures coupled with ever-increasing
 network speeds has rapidly increased the performance requirements of
 signature matching.  Solutions to meet these requirements range from
 hardware-centric ASIC/FPGA implementations to software implementations
 using high-performance microprocessors.
 In this paper, we propose a programmable signature matching system
 prototyped on an Nvidia G80 GPU.  We first present a detailed
 architectural and microarchitectural analysis, showing that signature
 matching is well suited for SIMD processing because of regular control
 flow and parallelism available at the packet level.  Next, we examine
 two approaches for matching signatures: standard deterministic
 finite automata (DFAs) and extended finite automata (XFAs), which use
 far less memory than DFAs but require specialized auxiliary memory and
 small amounts of computation in most states.  We implement a
 fully functional prototype on the SIMD-based G80 GPU.
 This system out-performs a Pentium4 by up to 9X and a Niagara-based 32-threaded
 system by up to 2.3X and shows that GPUs are a promising candidate for
 signature matching.
   },
  bib_dl_pdf = {http://www.cs.wisc.edu/vertical/papers/2009/ispass09-xfagpu.pdf},
  bib_dl_ppt = {http://www.cs.wisc.edu/vertical/talks/2009/ispass09-xfagpu.pdf},
  bib_pubtype = {Refereed Conference},
  bib_rescat = {proj-plug}
 }

Generated by bib.pl (written by Patrick Riley) on Sun Sep 26, 2021 16:14:28