Abstract
We present an innovative, deterministic approach to constructing the highly compressed automata commonly used in malware signature scanning. Our implementation builds automata in a very storage-efficient manner, with particular focus on the Aho-Corasick and Commentz-Walter algorithms, using a heterogeneous architecture that not only performs faster but also supports much larger automata. Experimental results show that the memory required by the construction process in our approach is two times lower than in the classic CPU-only approach, while the overall construction time for the automata is improved by at least 50% on average in our experiments.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Pungila, C., Negru, V. (2014). An Efficient Heterogeneous Approach to Building Compressed Automata for Malware Signature Matching. In: de la Puerta, J., et al. International Joint Conference SOCO’14-CISIS’14-ICEUTE’14. Advances in Intelligent Systems and Computing, vol 299. Springer, Cham. https://doi.org/10.1007/978-3-319-07995-0_41
DOI: https://doi.org/10.1007/978-3-319-07995-0_41
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07994-3
Online ISBN: 978-3-319-07995-0
eBook Packages: Engineering, Engineering (R0)