Using Cell Processors for Intrusion Detection through Regular Expression Matching with Speculation

The main purpose of network intrusion detection systems is to determine whether incoming network traffic matches known attack signatures. To achieve this goal each of the stored signatures represents a description of an attack or an undesired event in the monitored network. The main weakness with existing signature matching algorithms is that they are essentially serial operations and it is hard for them to keep up with the growing network speed. The major bottleneck in intrusion detection systems is that they are able to scan only one byte at a time, which leads to increased latency and low throughput. Thus, there is a need for a novel approach which takes advantage of the increased computing power of newer architectures. This paper presents a method which uses the Cell architecture to run an adapted speculative parallel pattern matching algorithm. Furthermore, we demonstrate that the advantages brought by our of our approach are significant compared to the serial implementation and other parallel ones. We also emphasize the advantages brought by the characteristics of the Cell architecture.