تطبیق الگوی چندگانه برای برنامه های امنیتی شبکه
ترجمه نشده

تطبیق الگوی چندگانه برای برنامه های امنیتی شبکه

عنوان فارسی مقاله: تطبیق الگوی چندگانه برای برنامه های امنیتی شبکه: افزایش سرعت از طریق بردارسازی
عنوان انگلیسی مقاله: Multiple pattern matching for network security applications: Acceleration through vectorization
مجله/کنفرانس: مجله رایانش موازی و توزیع شده - Journal Of Parallel And Distributed Computing
رشته های تحصیلی مرتبط: کامپیوتر
گرایش های تحصیلی مرتبط: مهندسی الگوریتم ها و محاسبات، رایانش ابری، امنیت اطلاعات، معماری سیستم های کامپیوتری، مهندسی نرم افزار
کلمات کلیدی فارسی: تطبیق الگو، یک دستور چند داده، بردارسازی، جمع آوری
کلمات کلیدی انگلیسی: Pattern matching، SIMD، Vectorization، Gather
نوع نگارش مقاله: مقاله پژوهشی (Research Article)
نمایه: Scopus - Master Journals List - JCR
شناسه دیجیتال (DOI): https://doi.org/10.1016/j.jpdc.2019.10.011
دانشگاه: Chalmers University of Technology, Sweden
صفحات مقاله انگلیسی: 19
ناشر: الزویر - Elsevier
نوع ارائه مقاله: ژورنال
نوع مقاله: ISI
سال انتشار مقاله: 2020
ایمپکت فاکتور: 2/250 در سال 2019
شاخص H_index: 73 در سال 2020
شاخص SJR: 0/417 در سال 2019
شناسه ISSN: 0743-7315
شاخص Quartile (چارک): Q3 در سال 2019
فرمت مقاله انگلیسی: PDF
وضعیت ترجمه: ترجمه نشده است
قیمت مقاله انگلیسی: رایگان
آیا این مقاله بیس است: خیر
آیا این مقاله مدل مفهومی دارد: ندارد
آیا این مقاله پرسشنامه دارد: ندارد
آیا این مقاله متغیر دارد: ندارد
کد محصول: E14281
رفرنس: دارای رفرنس در داخل متن و انتهای مقاله
فهرست مطالب (انگلیسی)

Abstract

1- Introduction

2- Background

3- System model

4- S-PATCH : a vectorizable version of DFC

5- V-PATCH : Vectorized algorithmic design

6- Performance model

7- Evaluation

8- Other related work

9- Conclusion

References

بخشی از مقاله (انگلیسی)

Abstract

As both new network attacks emerge and network traffic increases in volume, the need to perform network traffic inspection at high rates is ever increasing. The core of many security applications that inspect network traffic (such as Network Intrusion Detection) is pattern matching. At the same time, pattern matching is a major performance bottleneck for those applications: indeed, it is shown to contribute to more than 70% of the total running time of Intrusion Detection Systems. Although numerous efficient approaches to this problem have been proposed on custom hardware, it is challenging for pattern matching algorithms to gain benefit from the advances in commodity hardware. This becomes even more relevant with the adoption of Network Function Virtualization, that moves network services, such as Network Intrusion Detection, to the cloud, where scaling on commodity hardware is key for performance.
In this paper, we tackle the problem of pattern matching and show how to leverage the architecture features found in commodity platforms. We present efficient algorithmic designs that achieve good cache locality and make use of modern vectorization techniques to utilize data parallelism within each core. We first identify properties of pattern matching that make it fit for vectorization and show how to use them in the algorithmic design. Second, we build on an earlier, cache-aware algorithmic design and show how we apply cache-locality combined with SIMD gather instructions to pattern matching. Third, we complement our algorithms with an analytical model that predicts their performance and that can be used to easily evaluate alternative designs. We evaluate our algorithmic design with open data sets of real-world network traffic: Our results on two different platforms, Haswell and Xeon-Phi, show a speedup of 1.8x and 3.6x, respectively, over Direct Filter Classification (DFC), a recently proposed algorithm by Choi et al. for pattern matching exploiting cache locality, and a speedup of more than 2.3x over Aho–Corasick, a widely used algorithm in today’s Intrusion Detection Systems. Finally, we utilize highly parallel hardware platforms, evaluate the scalability of our algorithms and compare it to parallel implementations of DFC and Aho–Corasick, achieving processing throughput of up to 45Gbps and close to 2 times higher throughput than Aho–Corasick.

Introduction

Pattern matching is an essential building block for many security applications, such as antivirus programs or Network Intrusion Detection Systems (NIDS). In its core, pattern matching algorithms operate on two sets of input: (i) a predefined set of patterns and (ii) an incoming stream of data and attempt to detect if any of the patterns exist in the stream. In this work, we focus on the problem of fixed-string, multiple pattern matching, i.e. the patterns are string literals and, differently from single pattern matching [9,24], we are simultaneously tracking the presence of many patterns. In the context of Network Intrusion Detection Systems, the set of patterns are signatures of known malicious attacks (usually in the order of thousands) that the system aims to detect and the data stream is the reassembled stream of packets captured from the network interface. Motivation and Challenges.