Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs
Paper in proceedings, 2019

Pattern matching is an important building block for many security applications, including Network Intrusion Detection Systems (NIDS). As NIDS grow in functionality and complexity, the time overhead and energy consumption of pattern matching become a significant consideration that limits the deployability of such systems, especially on resource-constrained devices. On the other hand, the emergence of new computing platforms, such as embedded devices with integrated, general-purpose Graphics Processing Units (GPUs), brings new, interesting challenges and opportunities for algorithm design in this setting: how to make use of new architectural features and how to evaluate their effect on algorithm performance. Up to now, work that focuses on pattern matching for such platforms has been limited to specific algorithms in isolation.

In this work, we present a systematic and comprehensive benchmark that allows us to co-evaluate both existing and new pattern matching algorithms on heterogeneous devices equipped with embedded GPUs, suitable for medium- to high-level IoT deployments. We evaluate the algorithms on such a heterogeneous device, in close connection with the architectural features of the platform and provide insights on how these features affect the algorithms' behavior. We find that, in our target embedded platform, GPU-based pattern matching algorithms have competitive performance compared to the CPU and consume half as much energy as the CPU-based variants. Based on these insights, we also propose HYBRID, a new pattern matching approach that efficiently combines techniques from existing approaches and outperforms them by 1.4x, across a range of realistic and synthetic data sets. Our benchmark details the effect of various optimizations, thus providing a path forward to make existing security mechanisms such as NIDS deployable on IoT devices.

NIDS

embedded devices

GPU computing

pattern matching

Author

Charalampos Stylianopoulos

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Simon Kindström

Student at Chalmers

Magnus Almgren

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Olaf Landsiedel

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Marina Papatriantafilou

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Proceedings of the 35th Annual Computer Security Applications Conference

17-27

35th Annual Computer Security Applications Conference
San Juan, Puerto Rico,

Integrated cyber-physical solutions for intelligent distribution grid with high penetration of renewables (UNITED-GRID)

European Commission (Horizon 2020), 2017-11-01 -- 2020-04-30.

RIOT: Resilient Internet of Things

Swedish Civil Contingencies Agency, 2019-01-01 -- 2023-12-31.

Resilient Information and Control Systems (RICS)

Swedish Civil Contingencies Agency, 2015-09-01 -- 2020-08-31.

Subject Categories

Communication Systems

Computer Science

Computer Systems

DOI

10.1145/3359789.3359811

More information

Latest update

7/20/2020