TY - GEN
T1 - Regular expression matching on graphics hardware for intrusion detection
AU - Vasiliadis, Giorgos
AU - Polychronakis, Michalis
AU - Antonatos, Spiros
AU - Markatos, Evangelos P.
AU - Ioannidis, Sotiris
PY - 2009
Y1 - 2009
N2 - The expressive power of regular expressions has been often exploited in network intrusion detection systems, virus scanners, and spam filtering applications. However, the flexible pattern matching functionality of regular expressions in these systems comes with significant overheads in terms of both memory and CPU cycles, since every byte of the inspected input needs to be processed and compared against a large set of regular expressions. In this paper we present the design, implementation and evaluation of a regular expression matching engine running on graphics processing units (GPUs). The significant spare computational power and data parallelism capabilities of modern GPUs permits the efficient matching of multiple inputs at the same time against a large set of regular expressions. Our evaluation shows that regular expression matching on graphics hardware can result to a 48 times speedup over traditional CPU implementations and up to 16 Gbit/s in processing throughput. We demonstrate the feasibility of GPU regular expression matching by implementing it in the popular Snort intrusion detection system, which results to a 60% increase in the packet processing throughput.
AB - The expressive power of regular expressions has been often exploited in network intrusion detection systems, virus scanners, and spam filtering applications. However, the flexible pattern matching functionality of regular expressions in these systems comes with significant overheads in terms of both memory and CPU cycles, since every byte of the inspected input needs to be processed and compared against a large set of regular expressions. In this paper we present the design, implementation and evaluation of a regular expression matching engine running on graphics processing units (GPUs). The significant spare computational power and data parallelism capabilities of modern GPUs permits the efficient matching of multiple inputs at the same time against a large set of regular expressions. Our evaluation shows that regular expression matching on graphics hardware can result to a 48 times speedup over traditional CPU implementations and up to 16 Gbit/s in processing throughput. We demonstrate the feasibility of GPU regular expression matching by implementing it in the popular Snort intrusion detection system, which results to a 60% increase in the packet processing throughput.
UR - https://www.scopus.com/pages/publications/76649131237
U2 - 10.1007/978-3-642-04342-0_14
DO - 10.1007/978-3-642-04342-0_14
M3 - Conference contribution
SN - 3642043410
SN - 9783642043413
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 265
EP - 283
BT - Recent Advances in Intrusion Detection - 12th International Symposium, RAID 2009, Proceedings
PB - Springer Verlag
T2 - 12th International Symposium on Recent Advances in Intrusion Detection, RAID 2009
Y2 - 23 September 2009 through 25 September 2009
ER -