TY - GEN
T1 - GoldenEye
T2 - 43rd IEEE Conference on Local Computer Networks, LCN 2018
AU - Gong, Qian
AU - Wu, Wenji
AU - DeMar, Phil
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/7/2
Y1 - 2018/7/2
N2 - High-performance packet analysis systems have attracted great interest as tools to deal with security concerns in high-speed networks. Recently, researchers have utilized GPUs to improve packet processing performance. However, most existing work has been targeted at per-packet analysis level. Flow-centric operations have been challenging for GPUs because they require sequential operations and large buffers for flow reassembly. In this work, we present the GoldenEye GPU Packet Processing System (GoldenEye), a deep packet inspection (DPI) system that tracks out-of-order TCP packets and provides stream-based signature matching. When a batch of packets arrives, GoldenEye sorts packets into flow-reassembled streams and normalizes retransmission through a GPU-implemented reordering module. For signatures that straddle batch boundaries, GoldenEye couples a small set of metadata with a functionally-equivalent minimal regular expression retrieval algorithm to connect the partial matches. Results show that GoldenEye can reassemble tens of millions of packets/sec and conduct stateful DPI operations on TCP streams at multi-ten Gbit/sec rates.
AB - High-performance packet analysis systems have attracted great interest as tools to deal with security concerns in high-speed networks. Recently, researchers have utilized GPUs to improve packet processing performance. However, most existing work has been targeted at per-packet analysis level. Flow-centric operations have been challenging for GPUs because they require sequential operations and large buffers for flow reassembly. In this work, we present the GoldenEye GPU Packet Processing System (GoldenEye), a deep packet inspection (DPI) system that tracks out-of-order TCP packets and provides stream-based signature matching. When a batch of packets arrives, GoldenEye sorts packets into flow-reassembled streams and normalizes retransmission through a GPU-implemented reordering module. For signatures that straddle batch boundaries, GoldenEye couples a small set of metadata with a functionally-equivalent minimal regular expression retrieval algorithm to connect the partial matches. Results show that GoldenEye can reassemble tens of millions of packets/sec and conduct stateful DPI operations on TCP streams at multi-ten Gbit/sec rates.
UR - https://www.scopus.com/pages/publications/85062889672
U2 - 10.1109/LCN.2018.8638115
DO - 10.1109/LCN.2018.8638115
M3 - Conference contribution
AN - SCOPUS:85062889672
T3 - Proceedings - Conference on Local Computer Networks, LCN
SP - 632
EP - 639
BT - 43rd IEEE Conference on Local Computer Networks, LCN 2018
PB - IEEE Computer Society
Y2 - 1 October 2018 through 4 October 2018
ER -