A high-level architecture for efficient packet trace analysis on gpu co-processors
- Authors: Nottingham, Alastair , Irwin, Barry V W
- Date: 2013
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429572 , vital:72623 , 10.1109/ISSA.2013.6641052
- Description: This paper proposes a high-level architecture to support efficient, massively parallel packet classification, filtering and analysis using commodity Graphics Processing Unit (GPU) hardware. The proposed architecture aims to provide a flexible and efficient parallel packet processing and analysis framework, supporting complex programmable filtering, data mining operations, statistical analysis functions and traffic visualisation, with minimal CPU overhead. In particular, this framework aims to provide a robust set of high-speed analysis functionality, in order to dramatically reduce the time required to process and analyse extremely large network traces. This architecture derives from initial research, which has shown GPU co-processors to be effective in accelerating packet classification to up to tera-bit speeds with minimal CPU overhead, far exceeding the bandwidth capacity between standard long term storage and the GPU device. This paper provides a high-level overview of the proposed architecture and its primary components, motivated by the results of prior research in the field.
- Full Text:
- Date Issued: 2013
Towards a GPU accelerated virtual machine for massively parallel packet classification and filtering
- Authors: Nottingham, Alastair , Irwin, Barry V W
- Date: 2013
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430295 , vital:72681 , https://doi.org/10.1145/2513456.2513504
- Description: This paper considers the application of GPU co-processors to accelerate the analysis of packet data, particularly within extremely large packet traces spanning months or years of traffic. Discussion focuses on the construction, performance and limitations of the experimental GPF (GPU Packet Filter), which employs a prototype massively-parallel protocol-independent multi-match algorithm to rapidly compare packets against multiple arbitrary filters. The paper concludes with a consideration of mechanisms to expand the flexibility and power of the GPF algorithm to construct a fully programmable GPU packet classification virtual machine, which can perform massively parallel classification, data-mining and data-transformation to explore and analyse packet traces. This virtual machine is a component of a larger framework of capture analysis tools which together provide capture indexing, manipulation, filtering and visualisation functions.
- Full Text:
- Date Issued: 2013
Capturefoundry: a gpu accelerated packet capture analysis tool
- Authors: Nottingham, Alastair , Richter, John , Irwin, Barry V W
- Date: 2012
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430112 , vital:72666 , https://doi.org/10.1145/2389836.2389877
- Description: Packet captures are used to support a variety of tasks, including network administration, fault diagnosis and security and network related research. Despite their usefulness, processing packet capture files is a slow and tedious process that impedes the analysis of large, long-term captures. This paper discusses the primary components and observed performance of CaptureFoundry, a stand-alone capture analysis support tool designed to quickly map, filter and extract packets from large capture files using a combination of indexing techniques and GPU accelerated packet classification. All results are persistent, and may be used to rapidly extract small pre-filtered captures on demand that may be analysed quickly in existing capture analysis applications. Performance results show that CaptureFoundry is capable of generating multiple indexes and classification results for large captures at hundreds of megabytes per second, with minimal CPU and memory overhead and only minor additional storage space requirements.
- Full Text:
- Date Issued: 2012
GPF : a framework for general packet classification on GPU co-processors
- Authors: Nottingham, Alastair
- Date: 2012
- Subjects: Graphics processing units , Coprocessors , Computer network protocols , Computer networks -- Security measures , NVIDIA Corporation
- Language: English
- Type: Thesis , Masters , MSc
- Identifier: vital:4661 , http://hdl.handle.net/10962/d1006662 , Graphics processing units , Coprocessors , Computer network protocols , Computer networks -- Security measures , NVIDIA Corporation
- Description: This thesis explores the design and experimental implementation of GPF, a novel protocol-independent, multi-match packet classification framework. This framework is targeted and optimised for flexible, efficient execution on NVIDIA GPU platforms through the CUDA API, but should not be difficult to port to other platforms, such as OpenCL, in the future. GPF was conceived and developed in order to accelerate classification of large packet capture files, such as those collected by Network Telescopes. It uses a multiphase SIMD classification process which exploits both the parallelism of packet sets and the redundancy in filter programs, in order to classify packet captures against multiple filters at extremely high rates. The resultant framework - comprised of classification, compilation and buffering components - efficiently leverages GPU resources to classify arbitrary protocols, and return multiple filter results for each packet. The classification functions described were verified and evaluated by testing an experimental prototype implementation against several filter programs, of varying complexity, on devices from three GPU platform generations. In addition to the significant speedup achieved in processing results, analysis indicates that the prototype classification functions perform predictably, and scale linearly with respect to both packet count and filter complexity. Furthermore, classification throughput (packets/s) remained essentially constant regardless of the underlying packet data, and thus the effective data rate when classifying a particular filter was heavily influenced by the average size of packets in the processed capture. For example: in the trivial case of classifying all IPv4 packets ranging in size from 70 bytes to 1KB, the observed data rate achieved by the GPU classification kernels ranged from 60Gbps to 900Gbps on a GTX 275, and from 220Gbps to 3.3Tbps on a GTX 480. In the less trivial case of identifying all ARP, TCP, UDP and ICMP packets for both IPv4 and IPv6 protocols, the effective data rates ranged from 15Gbps to 220Gbps (GTX 275), and from 50Gbps to 740Gbps (GTX 480), for 70B and 1KB packets respectively. , LaTeX with hyperref package
- Full Text:
- Date Issued: 2012
Extending the NFComms: framework for bulk data transfers
- Authors: Nottingham, Alastair , Irwin, Barry V W
- Date: 2009
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430164 , vital:72670 , https://doi.org/10.1145/1632149.1632170
- Description: Packet analysis is an important aspect of network security, which typi-cally relies on a flexible packet filtering system to extrapolate important packet information from each processed packet. Packet analysis is a computationally intensive, highly parallelisable task, and as such, clas-sification of large packet sets, such as those collected by a network tel-escope, can require significant processing time. We wish to improve upon this, through parallel classification on a GPU. In this paper, we first consider the OpenCL architecture and its applicability to packet analy-sis. We then introduce a number of packet demultiplexing and routing algorithms, and finally present a discussion on how some of these techniques may be leveraged within a GPGPU context to improve packet classification speeds.
- Full Text:
- Date Issued: 2009
gpf: A GPU accelerated packet classification tool
- Authors: Nottingham, Alastair , Irwin, Barry V W
- Date: 2009
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428103 , vital:72486 , https://d1wqtxts1xzle7.cloudfront.net/67098560/gPF_A_GPU_Accelerated_Packet_Classificat20210505-17707-zqqa4s.pdf?1620201469=andresponse-content-disposi-tion=inline%3B+filename%3DgPF_A_GPU_Accelerated_Packet_Classificat.pdfandExpires=1714733902andSignature=NQ~1DjH1XOuqF8u1Yq74XyG7kp~y0II81vu40SuWO2GQhSgToTHC7ynbAoP3MGv9do~bX1PCAp2Z2TCKUVHT7CmYNRxDmnpk5G4kefH--0VotMHVtFnHnf5Q9nhrp0MIgSxEhncOrlRx5K5sRhlLkyfDib3RS8Y8vu~FIPvm1DaZrfqCZSpXKmHh9r1etybRBRtUokzayPtgbhE41bQtW9wI8J4-JTQ9doyNC-JflFuEfUnhv5Phf45lr7TALm8G8nGZBp3z9-nSLZDxls2mvvVIANCdutyOMDnMDadGoqjIB2wYwUy~Fm424ZWj7fF89Ytj9xqIU63H4NFE2HodtQ__andKey-Pair-Id=APKAJLOHF5GGSLRBV4ZA
- Description: This paper outlines the design of gPF, a fast packet classifier optimised for parallel execution on current generation commodity graphics hard-ware. Specifically, gPF leverages the potential for both the parallel classi-fication of packets at runtime, and the use of evolutionary mechanisms, in the form of a GP-GPU genetic algorithm to produce contextually opti-mised filter permutations in order to reduce redundancy and improve the per-packet throughput rate of the resultant filter program. This paper demonstrates that these optimisations have significant potential for im-proving packet classification speeds, particularly with regard to bulk pack-et processing and saturated network environments.
- Full Text:
- Date Issued: 2009
Investigating the effect of Genetic Algorithms on Filter Optimisation Within Fast Packet Classifiers
- Authors: Nottingham, Alastair , Irwin, Barry V W
- Date: 2009
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428674 , vital:72528 , https://www.researchgate.net/profile/Marijke-Coet-zee/publication/220803190_A_Framework_for_Web_Services_Security_Policy_Negotiation/links/0fcfd50f7d806aafc8000000/A-Framework-for-Web-Services-Security-Policy-Negotiation.pdf#page=119
- Description: Packet demultiplexing and analysis is a core concern for network secu-rity, and has hence inspired numerous optimisation attempts since their conception in early packet demultiplexing filters such as CSPF and BPF. These optimisations have generally, but not exclusively, focused on improving the speed of packet classification. Despite these im-provements however, packet filters require further optimisation in order to be effectively applied within next generation networks. One identified optimisation is that of reducing the average path length of the global filter by selecting an optimum filter permutation. Since redundant code generation does not change the order of computation, the initial filter order before filter optimisation affects the average path length of the resultant control-flow graph, thus selection of an optimum permutation of filters could provide significant performance improvements. Unfortu-nately, this problem is NP-Complete. In this paper, we consider using Genetic Algorithms to’breed’an optimum filter permutation prior to re-dundant code elimination. Specifically, we aim to evaluate the effec-tiveness of such an optimisation in reducing filter control flow graphs.
- Full Text:
- Date Issued: 2009