Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs
Paper i proceeding, 2019

Pattern matching is an important building block for many security applications, including Network Intrusion Detection Systems (NIDS). As NIDS grow in functionality and complexity, the time overhead and energy consumption of pattern matching become a significant consideration that limits the deployability of such systems, especially on resource-constrained devices. On the other hand, the emergence of new computing platforms, such as embedded devices with integrated, general-purpose Graphics Processing Units (GPUs), brings new, interesting challenges and opportunities for algorithm design in this setting: how to make use of new architectural features and how to evaluate their effect on algorithm performance. Up to now, work that focuses on pattern matching for such platforms has been limited to specific algorithms in isolation.

In this work, we present a systematic and comprehensive benchmark that allows us to co-evaluate both existing and new pattern matching algorithms on heterogeneous devices equipped with embedded GPUs, suitable for medium- to high-level IoT deployments. We evaluate the algorithms on such a heterogeneous device, in close connection with the architectural features of the platform and provide insights on how these features affect the algorithms' behavior. We find that, in our target embedded platform, GPU-based pattern matching algorithms have competitive performance compared to the CPU and consume half as much energy as the CPU-based variants. Based on these insights, we also propose HYBRID, a new pattern matching approach that efficiently combines techniques from existing approaches and outperforms them by 1.4x, across a range of realistic and synthetic data sets. Our benchmark details the effect of various optimizations, thus providing a path forward to make existing security mechanisms such as NIDS deployable on IoT devices.

embedded devices

NIDS

GPU computing

pattern matching

Författare

Charalampos Stylianopoulos

Chalmers, Data- och informationsteknik, Nätverk och system

Simon Kindström

Student vid Chalmers

Magnus Almgren

Chalmers, Data- och informationsteknik, Nätverk och system

Olaf Landsiedel

Chalmers, Data- och informationsteknik, Nätverk och system

Marina Papatriantafilou

Chalmers, Data- och informationsteknik, Nätverk och system

ACM International Conference Proceeding Series

17-27
978-1-4503-7628-0 (ISBN)

35th Annual Computer Security Applications Conference
San Juan, Puerto Rico,

Säkra IT-system för drift och övervakning av samhällskritisk infrastruktur

Myndigheten för samhällsskydd och beredskap (2015-828), 2015-09-01 -- 2020-08-31.

RIOT: Ett resilient sakernas internet

Myndigheten för samhällsskydd och beredskap (MSB2018-12526), 2019-01-01 -- 2023-12-31.

Integrated cyber-physical solutions for intelligent distribution grid with high penetration of renewables (UNITED-GRID)

Europeiska kommissionen (EU) (EC/H2020/773717), 2017-11-01 -- 2020-04-30.

Ämneskategorier

Kommunikationssystem

Datavetenskap (datalogi)

Datorsystem

DOI

10.1145/3359789.3359811

Mer information

Senast uppdaterat

2023-03-21