Skip to main content
SpringerLink
Log in

A Low-Cost and High-Performance Virus Scanning Engine Using a Binary CAM Emulator and an MPU

  • Conference paper
Reconfigurable Computing: Architectures, Tools and Applications (ARC 2012)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 7199))

Included in the following conference series:

Abstract

This paper shows a virus scanning engine using two-stage matching. In the first stage, a binary CAM emulator quickly detects a part of the virus pattern, while in the second stage, the MPU detects the full length of the virus pattern. The binary CAM emulator is realized by four index generation unitsĀ (IGUs). The proposed system uses four off chip SRAMs and a small FPGA. Thus, the cost and the power consumption are lower than the TCAM-based system. The system loaded 1,290,617 ClamAV virus patterns. As for the area and throughput, this system outperforms existing FPGA-based implementations.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Baker, Z.K., Jung, H., Prasanna, V.K.: Regular expression software deceleration for intrusion detection systems. In: FPL 2006, pp. 28ā€“30 (2006)

    Google ScholarĀ 

  2. CAST inc., MD5 IP Core, http://www.cast-inc.com/ip-cores/encryption/md5/

  3. ClamAV, http://www.clamav.net/

  4. Digi-key Corp., http://www.digikey.com/

  5. Ditmar, J., Torkelsson, K., Jantsch, A.: A Dynamically Reconfigurable FPGA-Based Content Addressable Memory for Internet Protocol Characterization. In: GrĆ¼nbacher, H., Hartenstein, R.W. (eds.) FPL 2000. LNCS, vol.Ā 1896, pp. 19ā€“28. Springer, Heidelberg (2000)

    ChapterĀ  Google ScholarĀ 

  6. Google, Google Safe Browsing API, http://code.google.com/intl/ja/apis/safebrowsing/

  7. Ho, J.T.L., Lemieux, G.G.F.: PERG-Rx: A hardware pattern-matching engine supporting limited regular expressions. In: FPGA 2009, pp. 257ā€“260 (2009)

    Google ScholarĀ 

  8. James-Roxby, P.B., Downs, D.J.: An efficient content-addressable memory implementation using dynamic routing. In: FCCM 2001, pp. 81ā€“90 (2001)

    Google ScholarĀ 

  9. Jiang, W., Wang, Q., Prasanna, V.K.: Beyond TCAMs: An SRAM-based parallel multi-pipeline architecture for terabit IP lookup. In: INFOCOM 2008, pp. 1786ā€“1794 (2008)

    Google ScholarĀ 

  10. Kaspersky, http://www.kaspersky.com/

  11. Kumar, S., Chandrasekaran, B., Turner, J., Varghese, G.: Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia. In: ANCS 2007, pp. 155ā€“164 (2007)

    Google ScholarĀ 

  12. Kohavi, Z.: Switching and Finite Automata Theory. McGraw-Hill Inc. (1979)

    Google ScholarĀ 

  13. Nakahara, H., Sasao, T., Matsuura, M., Kawamura, Y.: A virus scanning engine using a parallel finite-input memory machine and MPUs. In: FPL 2009, pp. 635ā€“639 (2009)

    Google ScholarĀ 

  14. Nakahara, H., Sasao, T., Matsuura, M., Kawamura, Y.: The parallel sieve method for a virus scanning engine. In: DSD 2009, pp. 809ā€“816 (2009)

    Google ScholarĀ 

  15. PCRE: Perl compatible regular expressions, http://www.pcre.org/

  16. Roan, H.C., Hawang, W.J., Dan Lo, C.T.: Shift-or circuit for efficient network intrusion detection pattern matching. In: FPL 2006, pp. 785ā€“790 (2006)

    Google ScholarĀ 

  17. Sasao, T.: Memory-Based Logic Synthesis. Springer, Heidelberg (2011)

    BookĀ  Google ScholarĀ 

  18. Sasao, T., Matsuura, M., Nakahara, H.: A realization of index generation functions using modules of uniform sizes. In: IWLS 2010, June 18-20, pp. 201ā€“208 (2010)

    Google ScholarĀ 

  19. Sasao, T., Matsuura, M.: An implementation of an address generator using hash memories. In: DSD 2007, August 27-31, pp. 69ā€“76 (2007)

    Google ScholarĀ 

  20. Tan, L., Sherwood, T.: A high throughput string matching architecture for intrusion detection and prevention. In: ISCA 2005, pp. 112ā€“122 (2005)

    Google ScholarĀ 

  21. Thinh, T.N., Kittitornkun, S., Tomiyama, S.: Applying cuckoo hashing for FPGA-based pattern matching in NIDS/NIPS. In: ICFPT 2007, pp. 121ā€“128 (2007)

    Google ScholarĀ 

  22. Xilinx inc, MicroBlaze, http://www.xilinx.com/

  23. Yu, F., Katz, R.H., Lakshman, T.V.: Gigabit rate packet pattern matching using TCAM. In: ICNP 2004, pp. 174ā€“183 (2004)

    Google ScholarĀ 

Download references

Author information

Authors and Affiliations

  1. Kagoshima University, Japan

    Hiroki Nakahara

  2. Kyushu Institute of Technology, Japan

    Tsutomu SasaoĀ &Ā Munehiro Matsuura

Authors
  1. Hiroki Nakahara
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

  2. Tsutomu Sasao
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

  3. Munehiro Matsuura
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

Editor information

Editors and Affiliations

  1. Department of Electronic Engineering, The Chinese University of Hong Kong, Shatin, N.T., Hong Kong, China

    Oliver C. S. Choy

  2. Department of Electronic Engineering, City University of Hong Kong, Kowloon Tong, Hong Kong, China

    Ray C. C. Cheung

  3. Department of ECE, Virginia Tech., 302 Whittemore Hall, 24061, Blacksburg, VA, USA

    Peter Athanas

  4. Tohoku University, 6-6-01 Aramaki Aza Aoba, Aobaku, 981-8579, Sendai, Miyagi, Japan

    Kentaro Sano

Rights and permissions

Reprints and permissions

Copyright information

Ā© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nakahara, H., Sasao, T., Matsuura, M. (2012). A Low-Cost and High-Performance Virus Scanning Engine Using a Binary CAM Emulator and an MPU. In: Choy, O.C.S., Cheung, R.C.C., Athanas, P., Sano, K. (eds) Reconfigurable Computing: Architectures, Tools and Applications. ARC 2012. Lecture Notes in Computer Science, vol 7199. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28365-9_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-28365-9_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28364-2

  • Online ISBN: 978-3-642-28365-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation