Attack signature matching using graphics processors in high-performance intrusion detection systems

Network Intrusion Detection Systems (NIDS) which should perform time-consuming evaluation of every packet received from network have faced throughput challenge as a result of the increase in the speed of network communications and the high volume of Internet threats. In an NIDS, the most important and time-consuming processes are pattern matching and deep inspection of the header and the body of packets. Several analyses show that this process can take up to 75% of the time of processing packets. In this paper, relying on the processing power of general purpose graphics cards - which seem to be a better option compared to other hardware technologies like FPGAs with regard to speed, scalability, flexibility, ease of programming and price - and with the idea of having the signature-based detection engine of NIDS systems run on GPU rather than CPU, it is tried to present an efficient method to increase the speed of intrusion detection systems such as Snort. The proposed method provides a means to perform payload matching and non-payload matching of packets in a parallel platform on GPU, which can speed up the signature-based detection engine of Snort 3.6.