Offloading IDS Computation to the GPU

Abstract

Signature-matching Intrusion Detection Systems can experience significant decreases in performance when the load on the IDS-host increases. We present a solution (called PixelSnort) that off-loads some of the computation performed by the IDS to the Graphics Processing Unit (GPU). Modern GPUs are programmable, stream-processors capable of high-performance computing that in recent years have been used in non-graphical computing tasks. The major operation in a signature- matching IDS is string-matching, as such, our solution implements the string-matching on the GPU. The results show that as the CPU load on the IDS host system increases, and IDS performance decreases, PixelSnort's performance is significantly more robust and is able to outperform conventional Snort by up to 40%. Future directions for this research include an investigation into the actual security of the GPU. Conventional operating systems treat the GPU as just another co-processor. However, given the increasing capabilities of GPUs, the possibility of GPU-specific attacks become more realizable: Can the GPU be compromised so as to render the host-system vulnerable to attack? Is the GPU susceptible to GPU-viruses/worms?