
CloudNet Anti-malware Engine: GPU-Accelerated Network Monitoring for Cloud Services

  • George Hatzivasilis
  • Konstantinos Fysarakis
  • Ioannis Askoxylakis
  • Alexander Bilanakos
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11398)

Abstract

In modern applications for the Internet of Things (IoT) and Cyber-Physical Systems (CPSs), heterogeneous embedded devices exchange high volumes of data, and interconnection with cloud services is becoming popular. Enhanced security is therefore imperative, but network monitoring is computationally intensive. Parallel programming on Graphics Processing Units (GPUs) is a well-tried practice for drastically reducing computation time in computation-intensive domains. This paper presents CloudNet – a lightweight and efficient GPU-accelerated anti-malware engine, utilizing CUDA General-Purpose GPU (GPGPU) computing. The core of the system computes the digests of files using a CUDA-optimized SHA-3 hashing mechanism. Malware digests are stored in a data structure so that detection checks take place as network traffic is processed. The work includes a comparative analysis of three types of data structures (hash table, tree, and array) to identify the most appropriate one for this specific field. We develop several versions of two basic variations of applications, including performance comparisons of the GPU-accelerated implementation against the reference and optimized CPU implementations. CloudNet is developed to protect CPSs that communicate information to the industrial cloud. A traffic trace from an industrial wind park is used for the evaluation of CloudNet, which achieves two times faster network monitoring than typical CPU solutions.
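The digest-lookup core described in the abstract, as an added CPU-only example in Python (not the paper's CUDA code): payloads are hashed with SHA-3 and checked against a blocklist held in each of the three structure types the abstract compares. SHA3-256, the class names and the sample byte strings are assumptions made for this example.

```python
import bisect
import hashlib

def sha3_digest(data: bytes) -> bytes:
    # Assumption: SHA3-256; the abstract only says "SHA-3".
    return hashlib.sha3_256(data).digest()

class HashTableStore:
    def __init__(self, digests):
        self._set = set(digests)
    def contains(self, d):
        return d in self._set

class SortedArrayStore:
    def __init__(self, digests):
        self._arr = sorted(set(digests))
    def contains(self, d):
        i = bisect.bisect_left(self._arr, d)  # binary search
        return i < len(self._arr) and self._arr[i] == d

class TrieStore:
    """Byte-wise prefix tree; a lookup walks one node per digest byte."""
    def __init__(self, digests):
        self._root = {}
        for d in digests:
            node = self._root
            for b in d:
                node = node.setdefault(b, {})
            node[None] = True  # end-of-digest marker
    def contains(self, d):
        node = self._root
        for b in d:
            node = node.get(b)
            if node is None:
                return False
        return None in node

def scan(payloads, store):
    """Indices of payloads whose digest is in the blocklist store."""
    return [i for i, p in enumerate(payloads) if store.contains(sha3_digest(p))]

# Constructed sample data: placeholder byte strings, not real malware or traffic.
BLOCKLIST = [sha3_digest(p) for p in (b"constructed-sample-A", b"constructed-sample-B")]
TRAFFIC = [b"benign telemetry frame", b"constructed-sample-B", b"", b"constructed-sample-A"]

def run_all():
    """Run the same scan against each store; the results should agree."""
    stores = (HashTableStore, SortedArrayStore, TrieStore)
    return [scan(TRAFFIC, cls(BLOCKLIST)) for cls in stores]
```

All three stores must return identical matches; they differ only in lookup cost and memory layout, which is the property a comparison like the one in the abstract measures.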

Keywords

Cloud, Industrial cloud, Network monitoring, Anti-malware, Parallel computing, GPU, CUDA, SHA-3, CPS, IoT, IIoT

Notes

Acknowledgment

This work has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 780315 (SEMIoTICS). The authors would also like to thank the network engineers maintaining the subject wind park in Brande, Denmark, for their valuable input in interpreting the network traces.


Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • George Hatzivasilis (1), email author
  • Konstantinos Fysarakis (2)
  • Ioannis Askoxylakis (1)
  • Alexander Bilanakos (3)

  1. Institute of Computer Science, Foundation for Research and Technology – Hellas (FORTH), Heraklion, Greece
  2. Sphynx Technology Solutions, Zuk, Switzerland
  3. Department of Computer Science, University of Crete, Voutes University Campus, Heraklion, Greece
