MIDeA: A multi-parallel intrusion detection architecture

Giorgos Vasiliadis, Michalis Polychronakis, Sotiris Ioannidis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

83 Citations (Scopus)

Abstract

Network intrusion detection systems are faced with the challenge of identifying diverse attacks, in extremely high speed networks. For this reason, they must operate at multi-Gigabit speeds, while performing highly-complex per-packet and per-flow data processing. In this paper, we present a multi-parallel intrusion detection architecture tailored for high speed networks. To cope with the increased processing throughput requirements, our system parallelizes network traffic processing and analysis at three levels, using multi-queue NICs, multiple CPUs, and multiple GPUs. The proposed design avoids locking, optimizes data transfers between the different processing units, and speeds up data processing by mapping different operations to the processing units where they are best suited. Our experimental evaluation shows that our prototype implementation based on commodity off-the-shelf equipment can reach processing speeds of up to 5.2 Gbit/s with zero packet loss when analyzing traffic in a real network, whereas the pattern matching engine alone reaches speeds of up to 70 Gbit/s, which is an almost four times improvement over prior solutions that use specialized hardware.

Original languageEnglish
Title of host publicationCCS'11 - Proceedings of the 18th ACM Conference on Computer and Communications Security
Pages297-308
Number of pages12
DOIs
Publication statusPublished - 2011
Externally publishedYes
Event18th ACM Conference on Computer and Communications Security, CCS'11 - Chicago, IL, United States
Duration: 17 Oct 201121 Oct 2011

Other

Other18th ACM Conference on Computer and Communications Security, CCS'11
CountryUnited States
CityChicago, IL
Period17/10/1121/10/11

    Fingerprint

Keywords

  • Acceleration
  • GPU
  • Intrusion detection
  • NIDS
  • Pattern matching

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Vasiliadis, G., Polychronakis, M., & Ioannidis, S. (2011). MIDeA: A multi-parallel intrusion detection architecture. In CCS'11 - Proceedings of the 18th ACM Conference on Computer and Communications Security (pp. 297-308) https://doi.org/10.1145/2046707.2046741