» Signature Matching in Network Processing Using SIMD/GPU Architectures

| Sorted by Date | Classified by Publication Type | Classified by Research Category |

Neelam Goyal, Justin Ormont, Randy Smith, Karthikeyan Sankaralingam, and Cristian Estan. Signature Matching in Network Processing Using SIMD/GPU Architectures. Technical Report TR1628, Department of Computer Sciences, The University of Wisconsin-Madison, 2008.

Download

[PDF] [HTML]

Abstract

Deep packet inspection is becoming prevalent for modern networkprocessing systems. They inspect packet payloads for a variety ofreasons, including intrusion detection, traffic policing, and loadbalancing. The focus of this paper is deep packet inspection inintrusion detection/prevention systems (IPSes). The performancecritical operation in these systems is signature matching: matchingpayloads against signatures of vulnerabilities. Increasing networkspeeds of today's networks and the transition from simplestring-based signatures to complex regular expressions has rapidlyincreased the performance requirement of signature matching.To meetthese requirements, solutions range from hardware-centric ASIC/FPGAimplementations to software implementations using high-performancemicroprocessors. In this paper, we propose a programmable SIMDarchitecture design for IPSes and develop a prototype implementationon an Nvidia G80 GPU. We first present a detailed architectural andmicroarchitectural analysis of signature matching. Our analysis showsthat signature matching is well suited for SIMD processing because ofregular control flow and parallelism available at the packet level. Weexamine the conventional approach of using deterministic finiteautomata (DFAs) and a new approach called extended finite automata(XFAs) which require far less memory than DFAs, but require scratchmemory and small amounts of computation in each state. We thendescribe a SIMD design to implement DFAs and XFAs. Using a SIMDarchitecture provides flexibility, programmability, and designproductivity which ASICs lack, while being area and power efficientwhich superscalar processors lack. Finally, we develop a prototypeimplementation using the G80 GPU as an example SIMDimplementation. This system out-performs a Pentium4 by up to 9X andshows SIMD systems are a promising candidate for signature matching.

Additional Information

This is a test of the extra info broadcasting system.

BibTeX

 @TECHREPORT{XFAGPU2008,
   AUTHOR = {Neelam Goyal and Justin Ormont and Randy Smith and Karthikeyan Sankaralingam and Cristian Estan},
   TITLE = "{Signature Matching in Network Processing Using SIMD/GPU Architectures}",
   abstract = {
 Deep packet inspection is becoming prevalent for modern network
 processing systems. They inspect packet payloads for a variety of
 reasons, including intrusion detection, traffic policing, and load
 balancing. The focus of this paper is deep packet inspection in
 intrusion detection/prevention systems (IPSes). The performance
 critical operation in these systems is signature matching: matching
 payloads against signatures of vulnerabilities. Increasing network
 speeds of today's networks and the transition from simple
 string-based signatures to complex regular expressions has rapidly
 increased the performance requirement of signature matching.To meet
 these requirements, solutions range from hardware-centric ASIC/FPGA
 implementations to software implementations using high-performance
 microprocessors. In this paper, we propose a programmable SIMD
 architecture design for IPSes and develop a prototype implementation
 on an Nvidia G80 GPU. We first present a detailed architectural and
 microarchitectural analysis of signature matching. Our analysis shows
 that signature matching is well suited for SIMD processing because of
 regular control flow and parallelism available at the packet level. We
 examine the conventional approach of using deterministic finite
 automata (DFAs) and a new approach called extended finite automata
 (XFAs) which require far less memory than DFAs, but require scratch
 memory and small amounts of computation in each state. We then
 describe a SIMD design to implement DFAs and XFAs. Using a SIMD
 architecture provides flexibility, programmability, and design
 productivity which ASICs lack, while being area and power efficient
 which superscalar processors lack. Finally, we develop a prototype
 implementation using the G80 GPU as an example SIMD
 implementation. This system out-performs a Pentium4 by up to 9X and
 shows SIMD systems are a promising candidate for signature matching.
 },
   INSTITUTION = {Department of Computer Sciences, The University of Wisconsin-Madison},
   SCHOOL = {The University of Wisconsin-Madison},
   ADDRESS = {Madison, WI},
   YEAR = 2008,
   NUMBER = {TR1628},
   bib_dl = {http://www.cs.wisc.edu/techreports/viewreport.php?report=1628},
   bib_dl_pdf = {http://www.cs.wisc.edu/techreports/2008/TR1628.pdf},
   bib_pubtype = {Tech Report},
   bib_rescat = {Architecture},
   bib_extra_info = {This is a test of the extra info broadcasting system.}
 }

Generated by bib.pl (written by Patrick Riley ) on Fri Jun 21, 2013 09:53:59 time=1207019082


Page last modified on October 18, 2017