Regular expression matching on graphics hardware for intrusion detection

Giorgos Vasiliadis, Michalis Polychronakis, Spiros Antonatos, Evangelos P. Markatos, Sotiris Ioannidis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

62 Citations (Scopus)

Abstract

The expressive power of regular expressions has been often exploited in network intrusion detection systems, virus scanners, and spam filtering applications. However, the flexible pattern matching functionality of regular expressions in these systems comes with significant overheads in terms of both memory and CPU cycles, since every byte of the inspected input needs to be processed and compared against a large set of regular expressions. In this paper we present the design, implementation and evaluation of a regular expression matching engine running on graphics processing units (GPUs). The significant spare computational power and data parallelism capabilities of modern GPUs permits the efficient matching of multiple inputs at the same time against a large set of regular expressions. Our evaluation shows that regular expression matching on graphics hardware can result to a 48 times speedup over traditional CPU implementations and up to 16 Gbit/s in processing throughput. We demonstrate the feasibility of GPU regular expression matching by implementing it in the popular Snort intrusion detection system, which results to a 60% increase in the packet processing throughput.

Original languageEnglish
Title of host publicationRecent Advances in Intrusion Detection - 12th International Symposium, RAID 2009, Proceedings
Pages265-283
Number of pages19
Volume5758 LNCS
DOIs
Publication statusPublished - 2009
Externally publishedYes
Event12th International Symposium on Recent Advances in Intrusion Detection, RAID 2009 - Saint-Malo, France
Duration: 23 Sep 200925 Sep 2009

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5758 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other12th International Symposium on Recent Advances in Intrusion Detection, RAID 2009
CountryFrance
CitySaint-Malo
Period23/9/0925/9/09

    Fingerprint

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Vasiliadis, G., Polychronakis, M., Antonatos, S., Markatos, E. P., & Ioannidis, S. (2009). Regular expression matching on graphics hardware for intrusion detection. In Recent Advances in Intrusion Detection - 12th International Symposium, RAID 2009, Proceedings (Vol. 5758 LNCS, pp. 265-283). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5758 LNCS). https://doi.org/10.1007/978-3-642-04342-0_14