Security Investigate

Gnort: High Performance Network Intrusion Detection Using Graphics Processors

Download now Free registration required

Executive Summary

The constant increase in link speeds and number of threats poses challenges to Network Intrusion Detection Systems (NIDS), which must cope with higher traffic throughput and perform even more complex per-packet processing. This paper presents an intrusion detection system based on the Snort open-source NIDS that exploits the underutilized computational power of modern graphics cards to offload the costly pattern matching operations from the CPU, and thus increase the over-all processing throughput. The prototype system, called Gnort, achieved a maximum traffic processing throughput of 2.3 Gbit/s using synthetic network traces, while when monitoring real traffic using a commodity Ethernet interface, it outperformed unmodified Snort by a factor of two.

  • Format: PDF
  • Size: 247.5 KB