Multi-Pattern GPU Accelerated Collision-Less Rabin-Karp for NIDS
Pages 1 - 16
Abstract
In the domain of network communication, network intrusion detection systems (NIDS) play a crucial role in maintaining security by identifying potential threats. NIDS relies on packet inspection, often using rule-based databases to scan for malicious patterns. However, the expanding scale of internet connections hampers the rate of packet inspection. To address this, some systems employ GPU accelerated pattern matching algorithms. Yet, this approach is susceptible to denial of service (DOS) attacks, inducing hashing collisions and slowing inspection. This research introduces a GPU-optimized variation of the Rabin-Karp algorithm, achieving scalability on GPUs while resisting DOS attacks. Our open-source solution (https://github.com/AnasAbbas1/NIDS) combines six polynomial hashing functions, eliminating the need for false-positive validation. This leads to a substantial improvement in inspection speed and accuracy. The proposed system ensures minimal packet misclassification rates, solidifying its role as a robust tool for real-time network security.
References
[1]
Ahmad, Z., Shahid Khan, A., Wai Shiang, C., Abdullah, J., & Ahmad, F. (2021). Network intrusion detection system: A systematic study of machine learning and deep learning approaches. Transactions on Emerging Telecommunications Technologies, 32(1), e4150.
[2]
Aho, A. V, & Corasick, M. J. (1975). Efficient String Matching: An Aid to Bibliographic Search.
[3]
Aigbe, P., & Nwelih, E. (2021). Analysis and Performance Evaluation of Selected Pattern Matching Algorithms. NIPES Journal of Science and Technology Research, 3(2). Advance online publication.
[4]
Azarudeen, k., Kumar, S. H., Aswin Vijay, T. V, Thirukumaran, P., & Balaji, V. S. B. (2023). Intrusion Detection System based on Pattern Recognition using CNN. 2023 International Conference on Sustainable Computing and Smart Systems (ICSCSS), (pp. 567–574). IEEE. 10.1109/ICSCSS57650.2023.10169670
[5]
Baloi, A., Belean, B., Turcu, F., & Peptenatu, D. (2023). GPU-based similarity metrics computation and machine learning approaches for string similarity evaluation in large datasets. Soft Computing. Advance online publication.
[6]
BoukebousA. A. E.FettacheM. I.BendiabG.ShiaelesS. (2023). A Comparative Analysis of Snort 3 and Suricata. 2023 IEEE IAS Global Conference on Emerging Technologies (GlobConET), (pp. 1–6). IEEE. 10.1109/GlobConET56651.2023.10150141
[7]
Boyer, R. S., & Moore, J. S. (1977). A fast string searching algorithm. Communications of the ACM, 20(10), 762–772.
[8]
Çelebi, M., & Yavanoğlu, U. (2023). Accelerating Pattern Matching Using a Novel Multi-Pattern-Matching Algorithm on GPU. Applied Sciences (Basel, Switzerland), 13(14), 8104.
[9]
Chen, C. L., & Lai, J. L. (2023). An Experimental Detection of Distributed Denial of Service Attack in CDX 3 Platform Based on Snort. Sensors (Basel), 23(13), 6139. 37447987.
[10]
Fernandez De Arroyabe, I., Arranz, C. F. A., Arroyabe, M. F., & Fernandez de Arroyabe, J. C. (2023). Cybersecurity capabilities and cyber-attacks as drivers of investment in cybersecurity systems: A UK survey for 2018 and 2019. Computers & Security, 124, 102954.
[11]
Groth, T., Groppe, S., Pionteck, T., Valdiek, F., & Koppehel, M. (2023). Hybrid CPU/GPU/APU accelerated query, insert, update and erase operations in hash tables with string keys. Knowledge and Information Systems, 65(10), 4359–4377.
[12]
Gulyás, O., & Kiss, G. (2023). Impact of cyber-attacks on the financial institutions. Procedia Computer Science, 219, 84–90.
[13]
Hnaif, A., Jaber, K., Alia, M., & Daghbosheh, M. (2021). Parallel scalable approximate matching algorithm for network intrusion detection systems. The International Arab Journal of Information Technology, 18(1), 77–84.
[14]
Jakim, B., Shankar, D., Victo, G., George, S., Naidu, J., & Madhuri, S. (n.d.). Deep Analysis of Risks and Recent Trends Towards Network Intrusion Detection System. In IJACSA) International Journal of Advanced Computer Science and Applications, 14(1). www.ijacsa.thesai.org
[15]
Karcioglu, A. A., & Bulut, H. (2021). Improving hash-q exact string matching algorithm with perfect hashing for DNA sequences. Computers in Biology and Medicine, 131, 104292. 33662682.
[16]
Karp, R. M., & Rabin, M. O. (1987). Efficient randomized pattern-matching algorithms. IBM Journal of Research and Development, 31(2), 249–260.
[17]
Keserwani, P. K., Govil, M. C., & Pilli, E. S. (2023). An effective NIDS framework based on a comprehensive survey of feature optimization and classification techniques. Neural Computing & Applications, 35(7), 4993–5013.
[18]
Knuth, D. E., & Morris James, H. (1977). Fast pattern matching in strings. SIAM Journal on Computing, 6(2), 323–350.
[19]
Li, Y., & Liu, Q. (2021). A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports, 7, 8176–8186.
[20]
Liao, H. J., Richard Lin, C. H., Lin, Y. C., & Tung, K. Y. (2013). Intrusion detection system: A comprehensive review. In Journal of Network and Computer Applications, 36(1), 16–24.
[21]
Merrill, D. (n.d.). CUB: A pattern of “collective” software design, abstraction, and reuse for kernel-level programming. Research Gate.
[22]
Merrill, D., & Garland, M. (n.d.). Single-pass Parallel Prefix Scan with Decoupled Look-back. Research Gate.
[23]
Mijwil, M., Unogwu, O. J., Filali, Y., Bala, I., & Al-Shahwani, H. (2023). Exploring the Top Five Evolving Threats in Cybersecurity: An In-Depth Overview. Mesopotamian Journal of Cyber Security, 57–63. 10.58496/MJCS/2023/010
[24]
Najam-ul-Islam, M., Zahra, F. T., Jafri, A. R., Shah, R., Hassan, M., & Rashid, M. (2022). Auto implementation of parallel hardware architecture for Aho-Corasick algorithm. Design Automation for Embedded Systems, 26(1), 29–53.
[25]
Nunes, L. S. N., Bordim, J. L., Ito, Y., & Nakano, K. (2020). A rabin-karp implementation for handling multiple pattern-matching on the gpu. IEICE Transactions on Information and Systems, E103D(12), 2412–2420. 10.1587/transinf.2020PAP0002
[26]
Papadogiannaki, E., Ioannidis, S., & Tsirantonakis, G. (n.d.). Network Intrusion Detection in Encrypted Traffic Article Social media analysis during political turbulence View project Network Intrusion Detection in Encrypted Traffic. Research Gate. https://www.researchgate.net/publication/362263511
[27]
Sardar, A., Issa, A., & Albayrak, Z. (n.d.). DDoS Attack Intrusion Detection System Based on Hybridization of CNN and LSTM. In Acta Polytechnica Hungarica, 20(2).
[28]
Siva Kumar, C., Sandeep, V., & Reddy, K. (n.d.). Design of Acceptance Sampling based Network Intrusion Detection system using Deep Learning Techniques Mohd khalid 2. In Journal of Survey in Fisheries Sciences, 10(1).
[29]
Sommestad, T., Holm, H., & Steinvall, D. (2022). Variables influencing the effectiveness of signature-based network intrusion detection systems. Information Security Journal, 31(6), 711–728.
Index Terms
- Multi-Pattern GPU Accelerated Collision-Less Rabin-Karp for NIDS
Index terms have been assigned to the content through auto-classification.
Recommendations
GPU-to-GPU and Host-to-Host Multipattern String Matching on a GPU
We develop GPU adaptations of the Aho-Corasick and multipattern Boyer-Moore string matching algorithms for the two cases GPU-to-GPU (input to the algorithms is initially in GPU memory and the output is left in GPU memory) and host-to-host (input and ...
A highly-efficient memory-compression approach for GPU-Accelerated virus signature matching
ISC'12: Proceedings of the 15th international conference on Information SecurityWe are proposing an approach for implementing highly compressed Aho-Corasick and Commentz-Walter automatons for performing GPU-accelerated virus scanning, suitable for implementation in real-world software and hardware systems. We are performing ...
A Highly-Efficient Memory-Compression Scheme for GPU-Accelerated Intrusion Detection Systems
SIN '14: Proceedings of the 7th International Conference on Security of Information and NetworksPattern Matching is a computationally intensive task used in many research fields and real world applications. Due to the ever-growing volume of data to be processed, and increasing link speeds, the number of patterns to be matched has risen ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Copyright © 2024.
Publisher
IGI Global
United States
Publication History
Published: 09 April 2024
Author Tags
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 14 Dec 2024