An Efficient Heterogeneous Approach to Building Compressed Automata for Malware Signature Matching

  • Conference paper
International Joint Conference SOCO’14-CISIS’14-ICEUTE’14

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 299)

Abstract

We present an innovative, deterministic approach to constructing the highly compressed automata commonly used in malware signature scanning. Our implementation builds storage-efficient automata, with particular focus on the Aho-Corasick and Commentz-Walter algorithms, using a heterogeneous architecture that not only performs faster but also supports much larger automata. Experimental results show that the memory required by the construction process in our approach is two times lower than in the classic CPU-only approach, while the overall construction time for the automata is improved by at least 50% on average in our experiments.

Corresponding author

Correspondence to Ciprian Pungila.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Pungila, C., Negru, V. (2014). An Efficient Heterogeneous Approach to Building Compressed Automata for Malware Signature Matching. In: de la Puerta, J., et al. International Joint Conference SOCO’14-CISIS’14-ICEUTE’14. Advances in Intelligent Systems and Computing, vol 299. Springer, Cham. https://doi.org/10.1007/978-3-319-07995-0_41

  • DOI: https://doi.org/10.1007/978-3-319-07995-0_41

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-07994-3

  • Online ISBN: 978-3-319-07995-0

  • eBook Packages: Engineering, Engineering (R0)
