Offloading IDS Computation to the GPU

Nigel Jacob
Tufts University
USA

Carla Brodley
Tufts University
USA

Signature-matching Intrusion Detection Systems can experience significant decreases in per-
formance when the load on the IDS-host increases. We propose a solution that off-loads some of
the computation performed by the IDS to the Graphics Processing Unit (GPU). Modern GPUs
are programmable, stream-processors capable of high-performance computing that in recent
years have been used in non-graphical computing tasks. The ma jor operation in a signature-
matching IDS is string-matching, as such, our solution implements the string-matching on the
GPU. The results show that as the CPU load on the IDS host system increases, and IDS perfor-
mance decreases, PixelSnort’s performance is significantly more robust and is able to outperform
conventional Snort by up to 40%.

Keywords: intrusion detection gpu high-performance

Read Paper Read Paper (in PDF)