TABLE OF CONTENTS
Abstract
Abbreviations
Contents
CHAPTER ONE
1 Introduction
1.1 Problem Statement
1.2 Objectives
1.3 Scope of the Thesis
1.4 Outline of the Thesis
CHAPTER TWO
2 Literature Review
2.1 Porting Detection Engine of Snort to GPU
2.2 Modified Detection Engine on the GPU
2.3 Summary
CHAPTER THREE
3 General Purpose Computations on Graphics Processing Unit with CUDA
3.1 Graphics Processing Unit
3.2 Compute Unified Device Architecture
3.2.1 CUDA architecture
3.2.2 Memory Hierarchy
3.2.3 Compilation and execution
3.3 Summary
CHAPTER FOUR
4 Snort
4.1 Preprocessors of Snort
4.1.1 Preprocessor Options for Reassembling Packets
4.1.2 Preprocessor Options for Decoding and Normalizing Protocols
4.1.3 Preprocessor Options for Nonrule or Anomaly-Based Detection
4.2 Summary
CHAPTER FIVE
5 Methodology
5.1 Developing tools
5.2 Profiling Snort
5.3 Proposed Solution
5.4 Summary
CHAPTER SIX
6 Results and Discussion
6.1 Testing Stream5AlertFlushStream
6.1.1 Optimization using Page-locked Memory
6.1.2 Optimization using both Page-locked and Shared memories
6.2 Testing Preprocess Function
6.3 Overall performance of Snort
6.4 Summary
CHAPTER SEVEN
7 Conclusions and Recommendations
7.1 Conclusion
7.2 Recommendation
References
Abstract
Advances in networking technologies enable interactions and communications at high speeds and large data volumes. However, securing data and the infrastructure has become a big issue. Intrusion Detection Systems such as Snort play an important role in securing the network. Intrusion detection systems are used to monitor networks for unauthorized access. Snort has a packet decoder, pre-processor, detection engine and an alerting system. The detection engine is the most compute-intensive part, followed by the pre-processor. Previous work has shown how general-purpose graphics processing units (GP-GPU) can be used to accelerate the detection engine. This work focused on the pre-processors of Snort, specifically the stream5 pre-processor, as profiling revealed it to be the most time-consuming of the pre-processors. The analysis shows that the individual implementation of stream5 using Compute Unified Device Architecture (CUDA) achieved up to five times speed-up over the baseline. Also, an overall 15.5 percent speed-up on the Defense Advanced Research Projects Agency (DARPA) intrusion detection system dataset was observed when integrated in Snort.
Chapter 1
Introduction
Nowadays, there is a rapid development of network technologies and associated bandwidth. Though these developments enhance data communication, they also facilitate malicious activities against resources on the network. These malicious threats pose challenges to modern network security systems. Many methods have been developed to secure the network infrastructure and communication over the network. Examples of widely adopted security measures on the network are the use of firewalls and data encryption. In addition to these security measures, the Intrusion Detection and Prevention System (IDPS) [1] is a relatively new technique.
An Intrusion Detection System (IDS) is an application that monitors the network for any unauthorized accesses into it. The application monitors the network for violation of access permissions or other malicious activities. On the other hand, an Intrusion Prevention System blocks or prevents an intrusion. IDSs can be implemented in both hardware and software. Though hardware implementations are generally faster, they suffer from a couple of shortcomings that limit their usability. First, they are more expensive to implement and maintain. Second, since hardware modification is difficult, they are less flexible for improvement. Software implementations, on the other hand, can easily be modified with new........
================================================================
Item Type: Project Material | Size: 72 pages | Chapters: 1-5
================================================================