Abstract
This paper shows a virus scanning engine using two-stage matching. In the first stage, a binary CAM emulator quickly detects a part of the virus pattern, while in the second stage, the MPU detects the full length of the virus pattern. The binary CAM emulator is realized by four index generation unitsĀ (IGUs). The proposed system uses four off chip SRAMs and a small FPGA. Thus, the cost and the power consumption are lower than the TCAM-based system. The system loaded 1,290,617 ClamAV virus patterns. As for the area and throughput, this system outperforms existing FPGA-based implementations.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Baker, Z.K., Jung, H., Prasanna, V.K.: Regular expression software deceleration for intrusion detection systems. In: FPL 2006, pp. 28ā30 (2006)
CAST inc., MD5 IP Core, http://www.cast-inc.com/ip-cores/encryption/md5/
ClamAV, http://www.clamav.net/
Digi-key Corp., http://www.digikey.com/
Ditmar, J., Torkelsson, K., Jantsch, A.: A Dynamically Reconfigurable FPGA-Based Content Addressable Memory for Internet Protocol Characterization. In: GrĆ¼nbacher, H., Hartenstein, R.W. (eds.) FPL 2000. LNCS, vol.Ā 1896, pp. 19ā28. Springer, Heidelberg (2000)
Google, Google Safe Browsing API, http://code.google.com/intl/ja/apis/safebrowsing/
Ho, J.T.L., Lemieux, G.G.F.: PERG-Rx: A hardware pattern-matching engine supporting limited regular expressions. In: FPGA 2009, pp. 257ā260 (2009)
James-Roxby, P.B., Downs, D.J.: An efficient content-addressable memory implementation using dynamic routing. In: FCCM 2001, pp. 81ā90 (2001)
Jiang, W., Wang, Q., Prasanna, V.K.: Beyond TCAMs: An SRAM-based parallel multi-pipeline architecture for terabit IP lookup. In: INFOCOM 2008, pp. 1786ā1794 (2008)
Kaspersky, http://www.kaspersky.com/
Kumar, S., Chandrasekaran, B., Turner, J., Varghese, G.: Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia. In: ANCS 2007, pp. 155ā164 (2007)
Kohavi, Z.: Switching and Finite Automata Theory. McGraw-Hill Inc. (1979)
Nakahara, H., Sasao, T., Matsuura, M., Kawamura, Y.: A virus scanning engine using a parallel finite-input memory machine and MPUs. In: FPL 2009, pp. 635ā639 (2009)
Nakahara, H., Sasao, T., Matsuura, M., Kawamura, Y.: The parallel sieve method for a virus scanning engine. In: DSD 2009, pp. 809ā816 (2009)
PCRE: Perl compatible regular expressions, http://www.pcre.org/
Roan, H.C., Hawang, W.J., Dan Lo, C.T.: Shift-or circuit for efficient network intrusion detection pattern matching. In: FPL 2006, pp. 785ā790 (2006)
Sasao, T.: Memory-Based Logic Synthesis. Springer, Heidelberg (2011)
Sasao, T., Matsuura, M., Nakahara, H.: A realization of index generation functions using modules of uniform sizes. In: IWLS 2010, June 18-20, pp. 201ā208 (2010)
Sasao, T., Matsuura, M.: An implementation of an address generator using hash memories. In: DSD 2007, August 27-31, pp. 69ā76 (2007)
Tan, L., Sherwood, T.: A high throughput string matching architecture for intrusion detection and prevention. In: ISCA 2005, pp. 112ā122 (2005)
Thinh, T.N., Kittitornkun, S., Tomiyama, S.: Applying cuckoo hashing for FPGA-based pattern matching in NIDS/NIPS. In: ICFPT 2007, pp. 121ā128 (2007)
Xilinx inc, MicroBlaze, http://www.xilinx.com/
Yu, F., Katz, R.H., Lakshman, T.V.: Gigabit rate packet pattern matching using TCAM. In: ICNP 2004, pp. 174ā183 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
Ā© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nakahara, H., Sasao, T., Matsuura, M. (2012). A Low-Cost and High-Performance Virus Scanning Engine Using a Binary CAM Emulator and an MPU. In: Choy, O.C.S., Cheung, R.C.C., Athanas, P., Sano, K. (eds) Reconfigurable Computing: Architectures, Tools and Applications. ARC 2012. Lecture Notes in Computer Science, vol 7199. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28365-9_17
Download citation
DOI: https://doi.org/10.1007/978-3-642-28365-9_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28364-2
Online ISBN: 978-3-642-28365-9
eBook Packages: Computer ScienceComputer Science (R0)