Improving Intrusion Detection for IoT Networks - A Snort GPGPU Modification Using OpenCL

Abstract

The Internet of Things, or IoT, is continuously growing with more devices being connected every day, adding new features and functionality to our personal and home devices by connecting them to the Internet. However, with the increase of devices and components, new security threats arise in previously offline systems that used to be immune to network attacks. This increase calls for better security options that can ensure protection of the data flowing in IoT networks by detecting and mitigating new threats. To contribute to the mentioned area, the goal of this thesis was to develop and evaluate a modified version of Snort, a widely used intrusion detection system. The idea was to improve the efficiency of computationally expensive pattern matching by extending Snort to use a graphical processing unit for such work. The Snort modification was tested by comparing it to that of an unmodified version of Snort in a closed environment with simulated network traffic. The tests were run on a single-board-computer to simulate the IoT context. The results show that the new functionality yields a speedup of 1.3 when analyzing captured traffic, a throughput increase of a factor of two when inspecting live traffic, and slightly less energy consumption, all when comparing to original Snort. With these results, it seems plausible to use the IoT devices as a means of strengthening their own security and protect them from network attacks.