co evaluation of pattern matching algorithms on iot
play

Co-Evaluation of Pattern Matching Algorithms on IoT Devices with - PowerPoint PPT Presentation

Sep 21, 2022 •576 likes •908 views

Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs Charalampos Stylianopoulos Simon Kindstrm Magnus Almgren Olaf Landsiedel Marina Papatriantafilou Distributed Computing and Systems Motivation IoT security

  1. Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs Charalampos Stylianopoulos Simon Kindström Magnus Almgren Olaf Landsiedel Marina Papatriantafilou Distributed Computing and Systems

  2. Motivation ¢ IoT security is a concern ¢ Recent attacks: l Show that IoT security is lacking • Mirai botnet • Attacks on a casino’s aquarium thermostat l Underline the need for countermeasures 2

  3. Motivation Standard security countermeasures (e.g. NIDS) can be applied l on the IoT devices themselves l on the entry point to the network of IoT devices 3

  4. Motivation ¢ Challenges l Resource constrained devices l More connected devices -> More traffic to inspect ¢ NIDS l Performance bottleneck l Not tailored to hardware 4

  5. Motivation: Pattern matching Pattern matching = The core functionality of NIDS Goal: Compare all network Input Stream … http://some.site.com/get.asp?f=/etc/passwd … GET HTTP try_backdoor… traffic against all malicious signatures … /etc/passwd Search for all patterns, admin.dll anywhere in the network get.asp stream. backdoor … more than 70% of Pattern set running time [1] … http://some.site.com/get.asp?f=/etc/passwd … GET HTTP try_backdoor… 5 [1] "Generating realistic workloads for network intrusion detection systems", Antonatos et al.

  6. Motivation: New Devices ¢ Opportunities l IoT/Embedded hardware is evolving l New hardware features • Example: ODROID single board computers with embedded Graphic Processor Units (GPUs) Making use of those features is an open issue 6

  7. Our work ¢ The questions we are trying to answer in this work: l Which algorithms to use? l What are the hardware characteristics that affect the performance? l How to create new algorithms that make best use of those characteristics? 8

  8. Our work ¢ Co-evaluation of pattern matching algorithms l Evaluate existing implementations l Influence the design of new ones ¢ Target embedded GPUs l Deep look in their architectural features ¢ Extensive evaluation l Different datasets, patterns, l Energy efficiency 9

  9. Outline ¢ Background l GPU computing ¢ Our Benchmark ¢ Evaluation 10

  10. Background ¢ General Purpose GPU computing (GPGPU) l Other than graphics, GPUs can be used for general tasks as well l Highly parallel architecture ¢ Pattern matching on a GPU: Not a new thing l Not much work on embedded GPUs [1]"Gnort: High Performance Network Intrusion Detection Using Graphics Processors”, Vasiliadis et al., RAID 2008 [2]"APUNet: Revitalizing GPU as Packet Processing Accelerator”, Go et al, NSDI 2017 [3]"A highly-efficient memory-compression scheme for GPU-accelerated intrusion detection 11 systems”, Bellekens et al. SINCONF 2017

  11. Background ¢ The platform Source :Energy efficient run-time mapping and thread partitioning of concurrent 12 OpenCL applications on CPU-GPU MPSoCs

  12. Background Important characteristics (unique to embedded GPUS) ¢ Small number of cores/threads ¢ No main memory on the GPU Ø Shared main memory between CPU and GPU ¢ No local memory on chip ¢ Vectorization in each GPU thread ¢ Separate instruction counter per GPU thread Ø No need to worry about divergent execution 13

  13. Outline ¢ Background ¢ Our Benchmark l Algorithms l Optimizations ¢ Evaluation 14

  14. Algorithms Representative algorithms from two categories: Filtering based State machine based Aho Corasick CPU DFC GPU 15

  15. ¢ Aho Corasick Algorithms (CPU) ¢ DFC The Aho-Corasick algorithm ¢ Used in many Network Intrusion Detection Systems ¢ Builds a State Machine (SM) from all the patterns ¢ Traverses the SM reading the input byte by byte Benefits • Only one lookup per input byte • Poor cache locality Limitations • Data dependencies 16 “Efficient String Matching: An Aid to Bibliographic Search”, A. Aho, M, Corasick, ACM Comm.’75

  16. ¢ Aho Corasick Algorithms (CPU) ¢ DFC The DFC algorithm … a c t i v a t e ¢ Creates a filter from patterns a d m i n . d l l ¢ Quickly filter outs parts of b a c k d o o r the input g e t . a s p Pattern set … ... ba bb ... ab ac ad ... ge … 0 1 1 0 0 0 1 0 0 0 1 0 0 Filter (8 KB) Input Stream Fits in cache! … t h i s i s a n i n p u t 17 “DFC: Accelerating String Pattern Matching for Network Applications”, Choi et al. NSDI’16

  17. ¢ Aho Corasick Algorithms (CPU) ¢ DFC The DFC algorithm (continued) … … Initial%filter ¢ Progressive filtering 1B 223B 427B 82 B … … … … … … … … l in cache Pattern … … … … length specific … … filters … … ¢ Verification Hash% l in memory tables • Cache locality (on filtering) Benefits • No data dependencies Limitations • Verification phase is costly 18 “DFC: Accelerating String Pattern Matching for Network Applications”, Choi et al. NSDI’16

  18. Algorithms Representative algorithms from two categories: Filtering based State machine based Aho Corasick CPU DFC GPU DFC (GPU) PFAC [1] HYBRID 19 [1] “Accelerating Pattern Matching Using a Novel Parallel Algorithm on GPUs” Lin et al., TOC 2013

  19. Hardware-oriented optimizations Relevant aspects that we investigate: ¢ Memory mapping vs data transfers l 2-5X faster with memory mapping ¢ Placement of the filters l Global memory l Texture memory l Local memory ¢ Vectorization l No significant speedup 20 More in the paper…

  20. Outline ¢ Background ¢ Our Benchmark ¢ Evaluation 21

  21. Evaluation Methodology CPU 4 ARM big.LITTLE GPU ARM Mali-T628 (6 shader cores) Hardware Memory 2GB RAM Sensors On board energy sensors l 3 publicly available traffic traces Datasets l 1 randomly generated data set l 2183 patterns (from Snort) Malicious l 5000 patterns ( emergingthreats.net) Patterns 22

  22. Evaluation Methodology ¢ Goal of the evaluation: How fast we can process the input ( execution time ) 1. How much energy we spent for processing ( energy consumption ) 2. Effect of datasets and number of patterns 3. Influence the design of new algorithms 4. ¢ Versions: l Aho-Corasick CPU l DFC l PFAC l DFC on GPU (w/wo vectorization) GPU l HYBRID (w/wo vectorization) 23

  23. Evaluation Results ¢ Experiment 1: execution time breakdown CPU->GPU CPU->GPU Post-processing Vect CPU Versions GPU Versions ( Post-processing = Output which and how many patterns matched, on the CPU ) 24

  24. Evaluation Results ¢ Experiment 2: energy consumption 25

  25. Evaluation Results ¢ Experiment 3: effect of datasets and #patterns 2183 patterns 5000 patterns 26

  26. Evaluation Results ¢ Experiment 4: configuring Hybrid Slower access time (green trend, left y-axis) Bigger Filter = 27 Higher hit ratio -> Less verification (red trend, right y-axis)

  27. Conclusions & Future Work ¢ Conclusions l New hardware features (embedded GPUs) can alleviate the bottleneck of pattern matching l Architecture characteristics important for high performance and low energy consumption l Possible to design new algorithms tailored to the hardware ¢ Future Work l Overlap CPU/GPU execution (heterogeneous design) l More algorithms and devices (e.g. Nvidia’s Jetson Nano) l Integrate with existing systems (e.g. Snort) ¢ Code available online 28

  28. ¢ Backup Slides 29

  29. Background (1/3) ¢ Snort l The de-facto NIDS l Signature based (malicious signatures are known in advance) l The main pipeline looks like that more than 70% includes pattern of running time 30 matching

  30. ¢ Aho Corasick Algorithms (CPU) ¢ DFC The Aho-Corasick algorithm ¢ Used in many Network Intrusion Detection Systems ¢ Builds a State Machine (SM) from all the patterns ¢ Traverses the SM reading the input byte by byte Benefits • Only one lookup per input byte • Poor cache locality Limitations • Data dependencies “Efficient String Matching: An Aid to Bibliographic Search”, A. Aho, M, Corasick, ACM Comm.’75 31

  31. Related work ¢ State machine based ¢ Filter based l Aho Corasick l DFC … a c t i v a t e a d m i n . d l l b a c k d o o r g e t . a s p Pattern set … ba bb ... ... ab ac ad ... ge … … … … 0 0 0 0 0 1 1 1 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 Filter (8 KB) Benefits Benefits • Cache locality (on filtering) • Only one lookup per input byte • No data dependencies Limitations • Poor cache locality Limitations • Much of the hardware remains underutilized • Data dependencies e.g. vector “Efficient String Matching: An Aid to Bibliographic "DFC: Accelerating String Pattern Matching for Network 32 instructions? Search”, A. Aho, M, Corasick, ACM Comm.’75 Applications”, Choi et al. NSDI’16

Recommend

Pattern Matching a b a c a a b 1 a b a c a b 4 3 2 a b a c a b Pattern

Pattern Matching a b a c a a b 1 a b a c a b 4 3 2 a b a c a b Pattern

Pattern Matching a b a c a a b 1 a b a c a b 4 3 2 a b a c a b Pattern Matching 1 Outline and Reading Strings (11.1) Pattern matching algorithms Brute-force algorithm (11.2.1) Boyer-Moore algorithm (11.2.2)

612 views • 14 slides
Pattern matching with the su ffi x tree Zsuzsanna Lipt ak Masters in Medical Bioinformatics

Pattern matching with the su ffi x tree Zsuzsanna Lipt ak Masters in Medical Bioinformatics

Bioinformatics Algorithms (Fundamental Algorithms, module 2) Pattern matching with the su ffi x tree Zsuzsanna Lipt ak Masters in Medical Bioinformatics academic year 2018/19, II. semester Su ffi x Trees 2 2 / 18 Recall: Pattern matching

522 views • 3 slides
Pattern matching algorithms Vineet Bafna April 23, 2004 1 Algorithms for keyword search

Pattern matching algorithms Vineet Bafna April 23, 2004 1 Algorithms for keyword search

Pattern matching algorithms Vineet Bafna April 23, 2004 1 Algorithms for keyword search These are meant to supplement your class notes, but do not substitute for class lectures. Try these algorithms on examples and make sure that you

63 views • 3 slides
Pattern matching algorithms Vineet Bafna October 4, 2004 1 Algorithms for keyword search

Pattern matching algorithms Vineet Bafna October 4, 2004 1 Algorithms for keyword search

Pattern matching algorithms Vineet Bafna October 4, 2004 1 Algorithms for keyword search These are meant to supplement your class notes, but do not substitute for class lectures. Try these algorithms on examples and make sure that you

230 views • 3 slides
Bioinformatics Algorithms (Fundamental Algorithms, module 2) Zsuzsanna Lipt ak Masters in

Bioinformatics Algorithms (Fundamental Algorithms, module 2) Zsuzsanna Lipt ak Masters in

Bioinformatics Algorithms (Fundamental Algorithms, module 2) Zsuzsanna Lipt ak Masters in Medical Bioinformatics academic year 2018/19, II. semester Suffix Trees 2 Pattern matching with the suffix tree 2 / 18 Recall: Pattern matching

580 views • 27 slides
Concurrent Pattern Matching: combining discovery, privacy and symmetry using pattern matching

Concurrent Pattern Matching: combining discovery, privacy and symmetry using pattern matching

Introduction Background Deliverables & Methodology State of research Concurrent Pattern Matching: combining discovery, privacy and symmetry using pattern matching Thomas Given-Wilson, University of Technology, Sydney Supervisor:

559 views • 21 slides
Awk, Awk Pattern matching and processing language Looks for pattern in file If pattern

Awk, Awk Pattern matching and processing language Looks for pattern in file If pattern

CSC209 Fall 2001 What is AWK? Awk, Awk Pattern matching and processing language Looks for pattern in file If pattern matches, do something Many details handled automatically very easy to one off (write and throw away)

673 views • 12 slides
Globbing, pattern matching Globbing is the term used for bashs form of pattern matching in

Globbing, pattern matching Globbing is the term used for bashs form of pattern matching in

Globbing, pattern matching Globbing is the term used for bashs form of pattern matching in commands It is used when we want to use a pattern to describe a set of strings, e.g. all filenames ending in .c, all directories that have a

755 views • 5 slides
Quantum pattern matching fast on average Ashley Montanaro Department of Computer Science,

Quantum pattern matching fast on average Ashley Montanaro Department of Computer Science,

Quantum pattern matching fast on average Ashley Montanaro Department of Computer Science, University of Bristol, UK 12 January 2015 Pattern matching In the traditional pattern matching problem, we seek to find a pattern P : [ m ] within

1.25k views • 53 slides
LPEG: a new approach to pattern LPEG: a new approach to pattern matching in Lua matching in Lua

LPEG: a new approach to pattern LPEG: a new approach to pattern matching in Lua matching in Lua

LPEG: a new approach to pattern LPEG: a new approach to pattern matching in Lua matching in Lua Roberto Ierusalimschy (real) regular expressions (real) regular expressions inspiration for most pattern-matching tools Ken Thompson, 1968

1.05k views • 58 slides
CS 126 Lecture T1: Pattern Matching Outline Introduction Pattern matching in Unix

CS 126 Lecture T1: Pattern Matching Outline Introduction Pattern matching in Unix

CS 126 Lecture T1: Pattern Matching Outline Introduction Pattern matching in Unix Regular expressions in Unix Regular expressions as formal languages Finite State Automata Conclusions CS126 14-1 Randy Wang Introduction

431 views • 41 slides
Pattern matching and lexing Informatics 2A: Lecture 6 John Longley School of Informatics

Pattern matching and lexing Informatics 2A: Lecture 6 John Longley School of Informatics

Pattern matching Lexing Pattern matching and lexing Informatics 2A: Lecture 6 John Longley School of Informatics University of Edinburgh jrl@inf.ed.ac.uk 30 September, 2011 1 / 15 Pattern matching Lexing 1 Pattern matching grep and its

495 views • 15 slides
CSE182-L6 P-value and E-value Dicitionary matching Pattern matching October 09 CSE182 Why is

CSE182-L6 P-value and E-value Dicitionary matching Pattern matching October 09 CSE182 Why is

CSE182-L6 P-value and E-value Dicitionary matching Pattern matching October 09 CSE182 Why is BLAST fast? Assume that keyword searching does not consume any time and that alignment computation the expensive step. Query m=1000, random

433 views • 18 slides
Practical fast on-line exact pattern matching algorithms for highly similar sequences Nadia

Practical fast on-line exact pattern matching algorithms for highly similar sequences Nadia

Practical fast on-line exact pattern matching algorithms for highly similar sequences Nadia Ben Nsira Thierry Lecroq Elise Prieur-Gaston LITIS EA 4108, Normastic FR3638, IRIB, Universit e de Rouen Normandie, Normandie Universit e,

615 views • 37 slides
CSE182-L7 Dicitionary matching Pattern matching October 09 CSE182 Dictionary Matching

CSE182-L7 Dicitionary matching Pattern matching October 09 CSE182 Dictionary Matching

CSE182-L7 Dicitionary matching Pattern matching October 09 CSE182 Dictionary Matching 1:POTATO P O T A S T P O T A T O 2:POTASSIUM 3:TASTE database dictionary Q: Given k words (s i has length l i ) , and a database of size n, find

1.35k views • 58 slides
An Adaptive Hybrid Pattern-Matching Algorithm on Indeterminate Strings . Smyth 1 , Shu Wang 1 and

An Adaptive Hybrid Pattern-Matching Algorithm on Indeterminate Strings . Smyth 1 , Shu Wang 1 and

Outline An Adaptive Hybrid Pattern-Matching Algorithm on Indeterminate Strings . Smyth 1 , Shu Wang 1 and Mao Yu 1 W. F 1 Algorithms Research Group Department of Computing & Software McMaster University, Canada email:

662 views • 62 slides
Exact Pattern Matching p t Goal: Find all occurrences of a pattern in a text Input: Pattern p = p

Exact Pattern Matching p t Goal: Find all occurrences of a pattern in a text Input: Pattern p = p

Exact Pattern Matching p t Goal: Find all occurrences of a pattern in a text Input: Pattern p = p 1 p n and text t = t 1 t m Output: All positions 1< i < ( m n + 1) such that the n - letter substring of t starting at i matches p

486 views • 24 slides
Exact Pattern Matching p t Goal: Find all occurrences of a pattern in a text Input: Pattern p = p

Exact Pattern Matching p t Goal: Find all occurrences of a pattern in a text Input: Pattern p = p

Exact Pattern Matching p t Goal: Find all occurrences of a pattern in a text Input: Pattern p = p 1 p n and text t = t 1 t m Output: All positions 1< i < ( m n + 1) such that the n - letter substring of t starting at i matches p

657 views • 19 slides
CS 10: Problem solving via Object Oriented Programming Pattern Matching 2 Agenda 1. Pattern

CS 10: Problem solving via Object Oriented Programming Pattern Matching 2 Agenda 1. Pattern

CS 10: Problem solving via Object Oriented Programming Pattern Matching 2 Agenda 1. Pattern matching to validate input Regular expressions Deterministic/Non-Deterministic Finite Automata (DFA/NFA) 2. Finite State Machines (FSM)

927 views • 65 slides
String Matching String matching problem: string T (text) and string P (pattern) over an

String Matching String matching problem: string T (text) and string P (pattern) over an

String Matching String matching problem: string T (text) and string P (pattern) over an alphabet . String Matching |T| = n, |P| = m. Report all starting positions of occurrences of P in T. Inge Li Grtz P = a b a b a c a T

468 views • 9 slides
Pattern matching without K Jesper Cockx Dominique Devriese Frank Piessens DistriNet KU

Pattern matching without K Jesper Cockx Dominique Devriese Frank Piessens DistriNet KU

Pattern matching without K Jesper Cockx Dominique Devriese Frank Piessens DistriNet KU Leuven 3 September 2014 How can we recognize definitions by pattern matching that do not depend on K? By taking identity proofs into account during

726 views • 38 slides
Text Processing We have seen that preprocessing the pattern speeds up pattern matching

Text Processing We have seen that preprocessing the pattern speeds up pattern matching

T RIES Standard Tries Compressed Tries Suffix Tries b s e i u e t a l d l y l o r l l l c p k Tries 1 Text Processing We have seen that preprocessing the pattern speeds up pattern matching queries

292 views • 11 slides
Pattern matching without K Jesper Cockx Dominique Devriese Frank Piessens DistriNet KU

Pattern matching without K Jesper Cockx Dominique Devriese Frank Piessens DistriNet KU

Pattern matching without K Jesper Cockx Dominique Devriese Frank Piessens DistriNet KU Leuven 13 May 2014 How can we recognize definitions by pattern matching that do not depend on K? By taking identity proofs into account during

775 views • 40 slides
Pattern Matching for Permutations St ephane Vialette 2 CNRS & LIGM, Universit e

Pattern Matching for Permutations St ephane Vialette 2 CNRS & LIGM, Universit e

Pattern Matching for Permutations St ephane Vialette 2 CNRS & LIGM, Universit e Paris-Est Marne-la-Vall ee, France Permutation Pattern 2013, Paris Vialette (LIGM UPEMLV) Pattern Matching PP 2013 1 / 69 Outline 1 The general

1.49k views • 69 slides

More recommend