In English

Network Intrusion Detection in Embedded/ IoT Devices using GPGPU - Increasing throughput while reducing power consumption with an integrated GPU

Simon Kindström
Göteborg : Chalmers tekniska högskola, 2018. 77 s.
[Examensarbete på avancerad nivå]

Internet of Things (IoT) devices are low-powered and network connected embedded computers that collect sensor data and perform computations at the edge of a network. These Internet-connected devices often lack sufficient security, with the Mirai botnet being the most highlighted incident to date. To detect attacks, a Network Intrusion Detection System (NIDS) may be used. Intrusion detection is often performed with the costly method of pattern matching, where predefined patterns are matched against observed network traffic, requiring up to 70% of a NIDS’s computational power. This thesis evaluates the suitability of using an embedded device with an integrated GPU as an NIDS. Direct Filter Classification, a state of the art pattern matching algorithm, is improved by moving part of the execution to a GPU. This implementation is then optimized, keeping the quirks of embedded systems in mind. Surprisingly, some optimizations that would intuitively result in an improved execution time, instead increases it. Further attempts at optimizations are performed in the heterogeneous design domain where the CPU and GPU cooperate extensively. Evaluation is performed by comparing the throughput of network traffic possible to analyze per second, and energy consumption of the algorithm in its different forms: CPU-only, GPU-only and a heterogeneous variant. These are later compared to another state of the art pattern matching algorithm. By utilizing a GPU, the throughput was increased by more than 2× while reducing the total energy consumption by more than 50%, compared to a CPU-only variant of DFC. The GPGPU variant of DFC was able to improve the throughput of the widely used pattern matching algorithm Aho-Corasick by more than 50% while only requiring 50% of the energy.

Nyckelord: Pattern matching, NIDS, Network Intrusion Detection System, IoT, GPU, GPGPU, OpenCL, Heterogeneous design

Publikationen registrerades 2018-09-18. Den ändrades senast 2018-09-18

CPL ID: 255945

Detta är en tjänst från Chalmers bibliotek