DocumentCode :
3534701
Title :
A virus scanning engine using a parallel finite-input memory machine and MPUs
Author :
Nakahara, Hiroki ; Sasao, Tsutomu ; Matsuura, Munehiro ; Kawamura, Yoshifumi
Author_Institution :
Kyushu Inst. of Technol., Kitakyushu, Japan
fYear :
2009
fDate :
Aug. 31 2009-Sept. 2 2009
Firstpage :
635
Lastpage :
639
Abstract :
This paper presents a virus scanning engine. After showing the difference between ClamAV (an anti-virus software) and SNORT (an intrusion detection software), we show a new architecture for the virus scanning engine, which is different from that of the intrusion detection engine. The new architecture consists of a parallel finite-input memory machine (PFIMM) and general-purpose MPUs. It uses two-stage matching. That is, in the first stage, the parallel hardware filter quickly scans the text to find partial matches, and in the second stage, the MPU scans the text to find the total match. To reduce the memory size, compressed match vectors are used. The system is implemented on the Stratix III FPGA, where 65,536 ClamAV virus patterns are stored. As for the area-performance ratio, our system is 1.2-26.3 times more efficient than existing ones.
Keywords :
computer viruses; data compression; parallel architectures; pattern matching; storage management chips; MPU; intrusion detection engine; match vector compression; parallel finite-input memory machine architecture; parallel hardware filter; two-stage matching; virus scanning engine; Computer architecture; Energy consumption; Field programmable gate arrays; Hardware; Internet; Intrusion detection; Logic circuits; Matched filters; Search engines; Throughput;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Field Programmable Logic and Applications, 2009. FPL 2009. International Conference on
Conference_Location :
Prague
ISSN :
1946-1488
Print_ISBN :
978-1-4244-3892-1
Electronic_ISBN :
1946-1488
Type :
conf
DOI :
10.1109/FPL.2009.5272396
Filename :
5272396
Link To Document :