Kai-Ping Lu scite author profile

Kai-Ping Lu

2Publications

0Citation Statements Received

22Citation Statements Given

How they've been cited

How they cite others

Affiliations

Chang Gung University

Publications

Order By: Most citations

High-Speed Pattern Matching Algorithm with CPU/GPU Cooperation for Network Intrusion Detection Systems

Lee

Chen

2019

View full text Add to dashboard Cite

Network intrusion detection systems (NIDSs) have been widely deployed in the Internet to protect Internet-enabled devices from malicious attacks by performing deep packet inspection (DPI). Pattern matching plays an important role in DPI, and consumes a significant portion of system execution time for NIDSs. In this paper, we propose a high-speed pattern matching algorithm with CPU/GPU cooperation. Incoming packets are first inspected by the CPU to quickly filter out suspicious packets that may contain malicious patterns. Then the GPU, which has superior parallel computing power, takes over to determine if a suspicious packet does contain malicious patterns. In addition, in our proposed algorithm, the GPU does not have to inspect the entire payload of a packet, but instead can skip the partial packet payload that has been inspected by the CPU. Through the cooperation between a CPU and GPU, our proposed algorithm can achieve higher pattern mating speeds than other algorithms. Simulation results show that even in the case that all packets contain malicious patterns, our proposed algorithm can achieve a matching speed of 15 Gbps.

show abstract

A Fast and Scalable Multi-Pattern Matching Algorithm for Intrusion Detection Systems

Lee

Huang

Lu³

et al. 2015

View full text Add to dashboard Cite

In order to protect networks from attacks, network intrusion detection systems (NIDS) have been widely deployed. These devices scan incoming packets to detect malicious content according to the predefined patterns. It is time consuming for NIDS to inspect each packet to check if it contains any patterns. In this paper, we propose a scalable and high-performance pattern matching algorithm. The key idea behind the proposed algorithm is to build a small and adjustable lookup table which can be completely stored in the on-chip memory of a network processor, and reduce the probability of accessing the external memory. Since the latency of one on-chip memory access is far smaller than that of one external memory access, the time required to inspect a packet can be greatly reduced. Simulation results show that the proposed algorithm is significantly better than the compared algorithm in terms of speed and scalability.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Kai-Ping Lu

High-Speed Pattern Matching Algorithm with CPU/GPU Cooperation for Network Intrusion Detection Systems

A Fast and Scalable Multi-Pattern Matching Algorithm for Intrusion Detection Systems

Contact Info

Product

Resources

About