Evaluation of a Massively Parallel Architecture for Network Security Applications

Network security applications such as to detect malware, security breaches, and covert channels require packet inspection and processing. Performing these functions at very high network line rates and low power is critical to safe guarding enterprise networks from various cyber-security threats. Solutions based on FPGA and single or multi-core CPUs has several limitations with regards to power and the ability to match the ever increasing line rates. This paper describes a MPPA (Massively Parallelized Processing Architecture) framework based on the Ambric parallel processing device that can speed up computation of network packet processing and analysis tasks. This is accomplished with a programmable processor interconnection that enables parallelizing the application and replication of data through channels. In this paper, we consider three network security applications - detecting malware, detecting covert timing channels, and a symmetric encryption engine. Experimental analyses of parallel implementations of the detection algorithms show that MPAA can easily achieve throughput greater than 1 Gbps with low power usage.