Skip to main content

A Low-Cost and High-Performance Virus Scanning Engine Using a Binary CAM Emulator and an MPU

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNTCS,volume 7199)

Abstract

This paper shows a virus scanning engine using two-stage matching. In the first stage, a binary CAM emulator quickly detects a part of the virus pattern, while in the second stage, the MPU detects the full length of the virus pattern. The binary CAM emulator is realized by four index generation units (IGUs). The proposed system uses four off chip SRAMs and a small FPGA. Thus, the cost and the power consumption are lower than the TCAM-based system. The system loaded 1,290,617 ClamAV virus patterns. As for the area and throughput, this system outperforms existing FPGA-based implementations.

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (Canada)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (Canada)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (Canada)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Baker, Z.K., Jung, H., Prasanna, V.K.: Regular expression software deceleration for intrusion detection systems. In: FPL 2006, pp. 28–30 (2006)

    Google Scholar 

  2. CAST inc., MD5 IP Core, http://www.cast-inc.com/ip-cores/encryption/md5/

  3. ClamAV, http://www.clamav.net/

  4. Digi-key Corp., http://www.digikey.com/

  5. Ditmar, J., Torkelsson, K., Jantsch, A.: A Dynamically Reconfigurable FPGA-Based Content Addressable Memory for Internet Protocol Characterization. In: Grünbacher, H., Hartenstein, R.W. (eds.) FPL 2000. LNCS, vol. 1896, pp. 19–28. Springer, Heidelberg (2000)

    CrossRef  Google Scholar 

  6. Google, Google Safe Browsing API, http://code.google.com/intl/ja/apis/safebrowsing/

  7. Ho, J.T.L., Lemieux, G.G.F.: PERG-Rx: A hardware pattern-matching engine supporting limited regular expressions. In: FPGA 2009, pp. 257–260 (2009)

    Google Scholar 

  8. James-Roxby, P.B., Downs, D.J.: An efficient content-addressable memory implementation using dynamic routing. In: FCCM 2001, pp. 81–90 (2001)

    Google Scholar 

  9. Jiang, W., Wang, Q., Prasanna, V.K.: Beyond TCAMs: An SRAM-based parallel multi-pipeline architecture for terabit IP lookup. In: INFOCOM 2008, pp. 1786–1794 (2008)

    Google Scholar 

  10. Kaspersky, http://www.kaspersky.com/

  11. Kumar, S., Chandrasekaran, B., Turner, J., Varghese, G.: Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia. In: ANCS 2007, pp. 155–164 (2007)

    Google Scholar 

  12. Kohavi, Z.: Switching and Finite Automata Theory. McGraw-Hill Inc. (1979)

    Google Scholar 

  13. Nakahara, H., Sasao, T., Matsuura, M., Kawamura, Y.: A virus scanning engine using a parallel finite-input memory machine and MPUs. In: FPL 2009, pp. 635–639 (2009)

    Google Scholar 

  14. Nakahara, H., Sasao, T., Matsuura, M., Kawamura, Y.: The parallel sieve method for a virus scanning engine. In: DSD 2009, pp. 809–816 (2009)

    Google Scholar 

  15. PCRE: Perl compatible regular expressions, http://www.pcre.org/

  16. Roan, H.C., Hawang, W.J., Dan Lo, C.T.: Shift-or circuit for efficient network intrusion detection pattern matching. In: FPL 2006, pp. 785–790 (2006)

    Google Scholar 

  17. Sasao, T.: Memory-Based Logic Synthesis. Springer, Heidelberg (2011)

    CrossRef  Google Scholar 

  18. Sasao, T., Matsuura, M., Nakahara, H.: A realization of index generation functions using modules of uniform sizes. In: IWLS 2010, June 18-20, pp. 201–208 (2010)

    Google Scholar 

  19. Sasao, T., Matsuura, M.: An implementation of an address generator using hash memories. In: DSD 2007, August 27-31, pp. 69–76 (2007)

    Google Scholar 

  20. Tan, L., Sherwood, T.: A high throughput string matching architecture for intrusion detection and prevention. In: ISCA 2005, pp. 112–122 (2005)

    Google Scholar 

  21. Thinh, T.N., Kittitornkun, S., Tomiyama, S.: Applying cuckoo hashing for FPGA-based pattern matching in NIDS/NIPS. In: ICFPT 2007, pp. 121–128 (2007)

    Google Scholar 

  22. Xilinx inc, MicroBlaze, http://www.xilinx.com/

  23. Yu, F., Katz, R.H., Lakshman, T.V.: Gigabit rate packet pattern matching using TCAM. In: ICNP 2004, pp. 174–183 (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nakahara, H., Sasao, T., Matsuura, M. (2012). A Low-Cost and High-Performance Virus Scanning Engine Using a Binary CAM Emulator and an MPU. In: Choy, O.C.S., Cheung, R.C.C., Athanas, P., Sano, K. (eds) Reconfigurable Computing: Architectures, Tools and Applications. ARC 2012. Lecture Notes in Computer Science, vol 7199. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28365-9_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-28365-9_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28364-2

  • Online ISBN: 978-3-642-28365-9

  • eBook Packages: Computer ScienceComputer Science (R0)