Gnort: High performance network intrusion detection using graphics processors

Giorgos Vasiliadis, Spiros Antonatos, Michalis Polychronakis, Evangelos P. Markatos, Sotiris Ioannidis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

161 Citations (Scopus)

Abstract

The constant increase in link speeds and number of threats poses challenges to network intrusion detection systems (NIDS), which must cope with higher traffic throughput and perform even more complex per-packet processing. In this paper, we present an intrusion detection system based on the Snort open-source NIDS that exploits the underutilized computational power of modern graphics cards to offload the costly pattern matching operations from the CPU, and thus increase the overall processing throughput. Our prototype system, called Gnort, achieved a maximum traffic processing throughput of 2.3 Gbit/s using synthetic network traces, while when monitoring real traffic using a commodity Ethernet interface, it outperformed unmodified Snort by a factor of two. The results suggest that modern graphics cards can be used effectively to speed up intrusion detection systems, as well as other systems that involve pattern matching operations.

Original languageEnglish
Title of host publicationRecent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings
Pages116-134
Number of pages19
DOIs
Publication statusPublished - 27 Nov 2008
EventRecent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings - Cambridge, MA, United States
Duration: 15 Sep 200817 Sep 2008

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5230 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceRecent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings
CountryUnited States
CityCambridge, MA
Period15/9/0817/9/08

Keywords

  • GPU
  • Intrusion detection systems
  • Network security
  • Parallel programming
  • Pattern matching
  • SIMD

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Gnort: High performance network intrusion detection using graphics processors'. Together they form a unique fingerprint.

  • Cite this

    Vasiliadis, G., Antonatos, S., Polychronakis, M., Markatos, E. P., & Ioannidis, S. (2008). Gnort: High performance network intrusion detection using graphics processors. In Recent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings (pp. 116-134). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5230 LNCS). https://doi.org/10.1007/978-3-540-87403-4_7