TABLE OF CONTENTS

CHAPTER    TITLE    PAGE

DECLARATION    ii
DEDICATION    iii
ACKNOWLEDGEMENT    iv
ABSTRACT    v
ABSTRAK    vi
TABLE OF CONTENTS    vii
LIST OF TABLES    xi
LIST OF FIGURES    xii
LIST OF ABBREVIATIONS    xiv
LIST OF APPENDICES    xvi

1    INTRODUCTION    1
    1.1    Introduction    1
    1.2    Problem Statement and Motivation    2
    1.3    Aim and Objectives    3
    1.4    Project Scope    3
    1.5    Thesis Organization    4

2    LITERATURE REVIEW    5
    2.1    Intrusion Detection Systems    5
        2.1.1    Types of Intrusion Detection Systems    6
        2.1.2    General Architecture of Intrusion Detection System    7
    2.2    Snort: An Open Source Network Intrusion Detection System    11
    2.3    Graphics Processing Unit    11
        2.3.1    NVIDIA GPU Architecture    14
        2.3.2    GPGPU: General Purpose Computing on Graphic Processing Unit    15
    2.4    CUDA Architecture and Programming Model for GPGPU    16
        2.4.1    CUDA Memory Layout    16
        2.4.2    CUDA Data Management Model    18
        2.4.3    Sample CUDA Code    19
    2.5    Bloom Filter Pattern Matching Algorithm    22
        2.5.1    Hash Functions    23
    2.6    Related Works    24

3    METHODOLOGY    28
    3.1    Introduction    28
    3.2    Design and Development Process    30
    3.3    Software and Hardware Requirements    31
        3.3.1    CUDA Software Development Toolkit version 5.5    32
        3.3.2    Microsoft Visual Studio 2008    32
        3.3.3    WinPcap version 4.1.3 and Developer Pack version 4.1.2    32
        3.3.4    Nemesis 1.4.1    32
    3.4    Proposed Framework Design Architecture    33
    3.5    Algorithm and Data Structure Design for Detection Engine with Bloom Filter Pattern Matching Algorithm    35
    3.6    System Functionality and Performance Evaluation Methodologies    41

4    RESULTS AND DISCUSSIONS    43
    4.1    Introduction    43
    4.2    Bloom Filter pattern matching algorithm design    43
        4.2.1    Arash Partow Hash Function    44
        4.2.2    Performance evaluation of the Bloom Filter pattern matching algorithm design    45
    4.3    Network Packet Capture Module Design    47
    4.4    System Performance Evaluation    49
    4.5    Comparison with the previous work    53

5    CONCLUSION    54
    5.1    Conclusions    54
    5.2    Future Work    55

REFERENCES    56
Appendices A - B    59

LIST OF TABLES

TABLE NO.    TITLE    PAGE

3.1    Class members for CBloom_Parameters    38
3.2    Class functions for CBloom_Parameters    38
3.3    Class members for CBloom_Filter    39
3.4    Class functions for CBloom_Filter    39
3.5    Performance Metrics Summary for Intrusion Detection System (IDS) evaluation    43
4.1    CPU hardware specification    46
4.2    GPU hardware specification    46
4.3    Packet Loss Rate comparison between GPU and CPU as pattern matching engine for NIDS    50
4.4    Signature List Insertion Time    51
4.5    Average pattern matching query time per signature    52
4.6    Performance Metrics of the NIDS with Bloom Filter (m=65536 and k=8) with Arash Partow (AP) Hash Function    53
4.7    Comparison with previous works    55

LIST OF FIGURES

FIGURE NO.    TITLE    PAGE

2.1    Computer Network Security System with Firewall and NIDS    8
2.2    Basic architecture of IDS    9
2.3    Flow Chart of Data Collection Module    10
2.4    Flow Chart of Detection Module    11
2.5    GPU hardware graphics pipeline    13
2.6    Comparison of Floating Point Operations per second between the (a) CPU and (b) GPU    14
2.7    High level overview of internal architecture difference between the (a) CPU and (b) GPU    14
2.8    Block diagram of Nvidia GeForce GT 640M LE    15
2.9    Block diagram of ALU on NVIDIA SMX    16
2.10    Block diagram of CUDA memory layout    18
2.11    (a) Ideal and (b) non-ideal hash functions mapping set U to set V    26
2.12    A Counting Bloom Filter with 4-bit up/down counters    28
3.1    Flow chart of the entire project    31
3.2    Design and Development Process Framework    32
3.3    Block diagram of proposed framework architecture    35
3.4    Design of GPU based Detection Engine for Bloom Filter Pattern Matching Algorithm    37
3.5    Design of parallel Bloom Filter with GPU    41
4.1    Performance Comparison between the CPU and GPU in pattern matching with Bloom Filter algorithm (m = 65536 and k = 8)    48
4.2    False Positive Probability for Bloom Filter (m=65536, k=8) with Arash Partow (AP) Hash Function    48
4.3    Snapshot of network packet send and receive between the virtual Operating System and the host PC    49
4.4    Packet Loss Rate comparison between GPU and CPU as pattern matching engine for Network Intrusion Detection System    50
4.5    Signature List Insertion Time    52
4.6    Average Pattern Matching Query Time    53
4.7    System Accuracy comparison between GPU and CPU as a pattern matching engine    54

LIST OF ABBREVIATIONS

AGP    -    Accelerated Graphics Port
ALU    -    Arithmetic Logic Unit
AP    -    Arash Partow
API    -    Application Programming Interface
ASIC    -    Application Specific Integrated Circuit
CUDA    -    Compute Unified Device Architecture
CPU    -    Central Processing Unit
FLOPS    -    Floating Point Operations Per Second
FN    -    False Negative
FP    -    False Positive
FPGA    -    Field Programmable Gate Array
GHz    -    Gigahertz
GPU    -    Graphics Processing Unit
GPGPU    -    General Purpose Computation on Graphics Processing Units
HIDS    -    Host Intrusion Detection System
ICMP    -    Internet Control Message Protocol
IDE    -    Integrated Development Environment
IDS    -    Intrusion Detection System
IP    -    Internet Protocol
IPv4    -    Internet Protocol version 4
IPv6    -    Internet Protocol version 6
LFSR    -    Linear Feedback Shift Register
MHz    -    Megahertz
NIC    -    Network Interface Card
NIDS    -    Network Intrusion Detection System
OS    -    Operating System
PC    -    Personal Computer
PCI-e    -    Peripheral Component Interconnect Express
RAM    -    Random Access Memory
SDK    -    Software Development Kit
SDLC    -    Software Development Life Cycle
SIMD    -    Single Instruction Multiple Data
SIMT    -    Single Instruction Multiple Thread
SMX    -    Streaming Multiprocessor
SP    -    Streaming Processor
TCP    -    Transmission Control Protocol
TN    -    True Negative
TP    -    True Positive
UDP    -    User Datagram Protocol
VPU    -    Video Processing Unit

LIST OF APPENDICES

APPENDIX    TITLE    PAGE

A    APPENDIX A    59
B    APPENDIX B    61