P-SPADE: GPU accelerated malware packer detection

Packed malware degrades the accuracy of AV scanners, so a security researcher must nullify the effects of packing tools before malware detection. Numerous open-source and commercial packers are available to serve the unwelcome intentions of malware authors; identifying the packer therefore becomes a necessary phase prior to malware scanning. In this paper we propose a GPGPU-based approach for accelerating our previous signature-based packer detection method, SPADE [1]. SPADE generates a packer signature from intra-family alignments of malware samples. It uses the Smith-Waterman algorithm to reveal the actual relationship among the samples of a packer family and achieves a high detection rate compared to other packer detection tools. The use of Smith-Waterman, however, trades accuracy against high computational complexity. We have therefore implemented a parallel version of Smith-Waterman to improve the signature generation phase of SPADE. Our GPU-based approach (O(m+n)) produces a 14.89X to 49.91X speedup over the CPU-based implementation of SPADE while preserving detection accuracy. Moreover, the proposed approach opens up a new domain of applying GPUs to existing signature-based approaches for malware detection, where the signature database is updated on a daily basis.
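The following is an added illustration of the alignment step the abstract relies on; it is not code from the P-SPADE or SPADE authors. It implements Smith-Waterman local alignment over two byte strings and fills the score table one anti-diagonal at a time: every cell with the same i + j depends only on the two previous anti-diagonals, so all cells of one diagonal are independent and the table needs only m + n - 1 sequential steps (the standard wavefront formulation, assumed here to be what the paper's O(m+n) refers to). The matched bytes of the best local alignment are then collected as a signature candidate. The scoring scheme (match +2, mismatch -1, gap -1) and the two sample byte strings are constructed for this example and are not taken from any real packer.

```python
from typing import List, Optional, Tuple

# Constructed scoring scheme for the example (not the paper's parameters).
MATCH, MISMATCH, GAP = 2, -1, -1

# One aligned column: (byte from a, byte from b); None marks a gap.
Pair = Tuple[Optional[int], Optional[int]]


def smith_waterman(a: bytes, b: bytes) -> Tuple[int, List[Pair], int]:
    """Best local alignment of byte strings a and b.

    Returns (best_score, aligned_pairs, sequential_steps). The score table is
    filled by anti-diagonals; the inner loop over i is the set of cells that a
    GPU kernel would compute in parallel, and `steps` counts the sequential
    wavefronts, which is m + n - 1 rather than m * n.
    """
    m, n = len(a), len(b)
    H = [[0] * (n + 1) for _ in range(m + 1)]      # local alignment scores
    T = [[0] * (n + 1) for _ in range(m + 1)]      # traceback: 0 stop, 1 diag, 2 up, 3 left
    best, best_pos = 0, (0, 0)
    steps = 0

    for d in range(2, m + n + 1):                  # d = i + j, one wavefront per iteration
        steps += 1
        for i in range(max(1, d - n), min(m, d - 1) + 1):   # independent cells
            j = d - i
            diag = H[i - 1][j - 1] + (MATCH if a[i - 1] == b[j - 1] else MISMATCH)
            up = H[i - 1][j] + GAP                 # gap in b
            left = H[i][j - 1] + GAP               # gap in a
            score = max(0, diag, up, left)         # local alignment: never below zero
            H[i][j] = score
            if score == 0:
                T[i][j] = 0
            elif score == diag:
                T[i][j] = 1
            elif score == up:
                T[i][j] = 2
            else:
                T[i][j] = 3
            if score > best:
                best, best_pos = score, (i, j)

    # Trace back from the best-scoring cell until a zero cell is reached.
    i, j = best_pos
    pairs: List[Pair] = []
    while i > 0 and j > 0 and T[i][j] != 0:
        if T[i][j] == 1:
            pairs.append((a[i - 1], b[j - 1])); i -= 1; j -= 1
        elif T[i][j] == 2:
            pairs.append((a[i - 1], None)); i -= 1
        else:
            pairs.append((None, b[j - 1])); j -= 1
    pairs.reverse()
    return best, pairs, steps


def common_bytes(pairs: List[Pair]) -> bytes:
    """Bytes that are identical on both sides of the alignment: a signature candidate."""
    return bytes(x for x, y in pairs if x is not None and x == y)


# Constructed sample "headers" of two samples sharing a 5-byte run with different flanks.
SAMPLE_A = b"\x01\x02\x60\xbe\x33\x44\x55\x09"
SAMPLE_B = b"\x99\x60\xbe\x33\x44\x55\xaa\xbb"


if __name__ == "__main__":
    score, pairs, steps = smith_waterman(SAMPLE_A, SAMPLE_B)
    print("score:", score, "wavefronts:", steps, "cells:", len(SAMPLE_A) * len(SAMPLE_B))
    print("signature candidate:", common_bytes(pairs).hex())
```

The traceback deliberately stops at the first zero cell, so flanking bytes that differ between the two samples never enter the candidate; a single inserted byte in one sample produces a gap column rather than breaking the run into two short candidates.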

[1] M. S. Waterman et al. Identification of common molecular subsequences. 1981. Journal of Molecular Biology.

[2] Tom Davis et al. OpenGL Programming Guide: The Official Guide to Learning OpenGL. 1993.

[3] J. Thompson et al. CLUSTAL W: improving the sensitivity of progressive multiple sequence alignment through sequence weighting, position-specific gap penalties and weight matrix choice. 1994. Nucleic Acids Research.

[4] Meng-Lai Yin et al. A parallel implementation of the Smith-Waterman algorithm for massive sequences searching. 2004. The 26th Annual International Conference of the IEEE Engineering in Medicine and Biology Society.

[5] Golden G. Richard et al. Massive threading: Using GPUs to increase the performance of digital forensics tools. 2007. Digital Investigation.

[6] Weiguo Liu et al. Streaming Algorithms for Biological Sequence Alignment on GPUs. 2007. IEEE Transactions on Parallel and Distributed Systems.

[7] Michael Farrar et al. Striped Smith-Waterman speeds database searches six times over other SIMD implementations. 2007. Bioinformatics.

[8] Giorgio Valle et al. CUDA compatible GPU cards as efficient hardware accelerators for Smith-Waterman sequence alignment. 2008. BMC Bioinformatics.

[9] Fumihiko Ino et al. Design and implementation of the Smith-Waterman algorithm on the CUDA-compatible GPU. 2008. 8th IEEE International Conference on BioInformatics and BioEngineering.

[10] Yongchao Liu et al. MSA-CUDA: Multiple Sequence Alignment on Graphics Processing Units with CUDA. 2009. 20th IEEE International Conference on Application-specific Systems, Architectures and Processors.

[11] Ali Akoglu et al. Scalable and highly parallel implementation of Smith-Waterman on graphics processing unit using CUDA. 2009. Cluster Computing.

[12] Konstantinos G. Margaritis et al. String Matching on a Multicore GPU Using CUDA. 2009. 13th Panhellenic Conference on Informatics.

[13] Yongchao Liu et al. CUDASW++: optimizing Smith-Waterman sequence database searches for CUDA-enabled graphics processing units. 2009. BMC Research Notes.

[14] Jie Cheng et al. CUDA by Example: An Introduction to General-Purpose GPU Programming. 2010. Scalable Computing: Practice and Experience.

[15] Edans Flavius de Oliveira Sandes et al. Smith-Waterman Alignment of Huge Sequences with GPU in Linear Space. 2011. IEEE International Parallel & Distributed Processing Symposium.

[16] Sanjay V. Rajopadhye et al. Improving CUDASW++, a Parallelization of Smith-Waterman for CUDA Enabled Devices. 2011. IEEE International Symposium on Parallel and Distributed Processing Workshops and PhD Forum.

[17] Vijay Laxmi et al. SPADE: Signature based PAcker DEtection. 2012. SecurIT '12.

[18] Jayshree Ghorpade et al. GPGPU Processing in CUDA Architecture. 2012. arXiv.

[19] Sheng-Ta Lee et al. GPU-Based Cloud Service for Smith-Waterman Algorithm Using Frequency Distance Filtration Scheme. 2013. BioMed Research International.

[20] Edans Flavius de Oliveira Sandes et al. Retrieving Smith-Waterman Alignments with Optimizations for Megabase Biological Sequences Using GPU. 2013. IEEE Transactions on Parallel and Distributed Systems.