An architecture for exploiting multi‐core processors to parallelize network intrusion prevention
Author(s) - Sommer Robin, Paxson Vern, Weaver Nicholas
Publication year - 2009
Publication title - Concurrency and Computation: Practice and Experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.309
H-Index - 67
eISSN - 1532-0634
pISSN - 1532-0626
DOI - 10.1002/cpe.1422
Subject(s) - computer science, uniprocessor system, architecture, multi core processor, cache, network processor, network architecture, embedded system, distributed computing, computer network, operating system, network packet, multiprocessing, art, visual arts
It is becoming increasingly difficult to implement effective systems for preventing network attacks, due to the combination of the rising sophistication of attacks requiring more complex analyses to detect; the relentless growth in the volume of network traffic that we must analyze; and, critically, the failure in recent years for uniprocessor performance to sustain the exponential gains that for so many years CPUs have enjoyed. For commodity hardware, tomorrow's performance gains will instead come from multi‐core architectures in which a whole set of CPUs executes concurrently. Taking advantage of the full power of multi‐core processors for network intrusion prevention requires an in‐depth approach. In this work we frame an architecture customized for parallel execution of network attack analysis. At the lowest layer of the architecture is an ‘Active Network Interface’, a custom device based on an inexpensive FPGA platform. The analysis itself is structured as an event‐based system, which allows us to find many opportunities for concurrent execution, since events introduce a natural asynchrony into the analysis while still maintaining good cache locality. A preliminary evaluation demonstrates the potential of this architecture. Copyright © 2009 John Wiley & Sons, Ltd.