Hardware-Software Codesign for High-Speed Signature-based Virus Scanning

High-speed network content security applications often offload signature matching to hardware. In such systems, the throughput of the overall system, rather than the hardware engine alone, is significant. The authors offload virus scanning in the ClamAV antivirus package to the BFAST* hardware engine. They find that the data-passing processes significantly degrade system throughput.

[1]  Udi Manber,et al.  A FAST ALGORITHM FOR MULTI-PATTERN SEARCHING , 1999 .

[2]  Viktor K. Prasanna,et al.  A methodology for synthesis of efficient intrusion detection systems on FPGAs , 2004, 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines.

[3]  Tsern-Huei Lee,et al.  Realizing a Sub-Linear Time String-Matching Algorithm With a Hardware Accelerator Using Bloom Filters , 2009, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[4]  Tsern-Huei Lee,et al.  Using String Matching for Deep Packet Inspection , 2008, Computer.

[5]  Pål Halvorsen,et al.  Performance tradeoffs for static allocation of zero-copy buffers , 2002, Proceedings. 28th Euromicro Conference.

[6]  Mark Handley,et al.  Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics , 2001, USENIX Security Symposium.

[7]  Alfred V. Aho,et al.  Efficient string matching , 1975, Commun. ACM.

[8]  George Varghese,et al.  Deterministic memory-efficient string matching algorithms for intrusion detection , 2004, IEEE INFOCOM 2004.

[9]  Pei Cao,et al.  Hash-AV: fast virus signature scanning by cache-resident filters , 2005, GLOBECOM.

[10]  Chang Guiran,et al.  The Design and Implementation of Zero-Copy for Linux , 2008, 2008 Eighth International Conference on Intelligent Systems Design and Applications.

[11]  Paul D. Franzon,et al.  Configurable string matching hardware for speeding up intrusion detection , 2005, CARN.

[12]  John W. Lockwood,et al.  Deep packet inspection using parallel bloom filters , 2004, IEEE Micro.

[13]  Timothy Sherwood,et al.  Bit-split string-matching engines for intrusion detection and prevention , 2006, TACO.