Performance testing of GPU-based approximate matching algorithm on network traffic

• Main Author: Jimoh, Mujeeb B.
• Other Authors: Beverly, Robert
• Published: Monterey, California: Naval Postgraduate School 2015
• Online Access: http://hdl.handle.net/10945/45198

Approved for public release; distribution is unlimited === Insider threat is one of the risks both government and private organizations have to deal with in protecting their important information. Data exfiltration and data leakage resulting from insiders’ activities can be very difficult to identify and quantify. Unfortunately, existing solutions that efficiently check whether data moving across a network is known to be sensitive are not resilient to attackers that make changes—even trivial modifications—to the data prior to exfiltration. This capstone examines the potential use of the sdhash approximate matching algorithm within the data exfiltration domain. Sdhash can be employed to look for active transfer of known sensitive files in network traffic, but in practice is hindered by the computational time required to check for known sensitive data. This research tested the performance of both the GPU and CPU implementation of sdhash to determine their suitability in high-network traffic environments such as the Department of Defense. The results of this experiment showed that better performance is achieved with the GPU when comparing large data sets. For small data sets, the CPU and GPU implementations exhibited similar performance. Thus, sdhash in the GPU implementation would be suitable for the Defense Department’s use.