CT-T:Exploiting Multi-Core CPUs for Parallelizing Network Intrusion Prevention

CT-T：利用多核 CPU 并行化网络入侵防御

• 批准号: 0716636
• 负责人: Vern Paxson
• 金额: $ 49.94万
• 依托单位: International Computer Science Institute
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2007
• 资助国家: 美国
• 起止时间: 2007-09-01 至 2010-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0716636&HistoricalAwards=false
• 关键词: CT; Exploiting; Multi; Core; CPUs

The performance pressures on implementing effective network security monitoring are growing fiercely in multiple dimensions, outpacing improvements in CPU performance. The situation has now become dire with the end of Moore's Law for single CPUs. In general, hardware vendors now turn to parallel execution---many cores and many threads---to sustain performance growth. But adapting network security monitoring to such parallelism raises a host of challenging issues.This project seeks to develop methodologies for effectively parallelizing in-depth security analysis of network activity. Doing so requires structuring the processing into separate, low-level threads suitable for concurrent execution, for which several key issues must be addressed: forwarding packets only when all relevant threads have finished their vetting; minimizing inter-thread communication in the presence of global analysis algorithms; optimizing memory access patterns for locality; and providing effective performance debugging tools.The work centers around an event-oriented underlying architecture, which allows for exposing many opportunities for concurrent execution due to the decoupled asynchrony that events introduce into the flow of analysis. In addition, by associating events with the packets that ultimately stimulated them, the system can make sound decisions for resolving whether and when it becomes safe to forward pending packets.Ultimately, the effort aims to enable network intrusion prevention to reap both the benefits of executing on general purpose commodity hardware, as well as the exponential scaling that Moore's Law promises for future parallel processors.

实施有效网络安全监控的性能压力在多个方面急剧增加，超过了CPU性能的改进。 随着单CPU的摩尔定律的终结，情况变得可怕。 一般来说，硬件供应商现在转向并行执行-多个内核和多个线程-以维持性能增长。 但是，使网络安全监测适应这种并行性提出了一系列具有挑战性的问题。本项目旨在开发有效并行深入的网络活动安全分析的方法。 这样做需要将处理结构化为适合并发执行的单独的低级别线程，为此必须解决几个关键问题：仅在所有相关线程都完成审查时才转发数据包;在全局分析算法存在的情况下最小化线程间通信;优化局部内存访问模式;并提供有效的性能调试工具。工作围绕面向事件的底层架构，由于事件引入到分析流中的解耦的并发性，这允许暴露许多并发执行的机会。 此外，通过将事件与最终激发它们的数据包相关联，系统可以做出合理的决策，以解决转发挂起的数据包是否以及何时变得安全。最终，这项工作的目的是使网络入侵防御既能获得在通用商品硬件上执行的好处，又能获得摩尔定律为未来并行处理器承诺的指数级扩展。