Fast virus scanning is becoming increasingly important in today's internet. While Moore's law continues to double CPU cycle speed, virus scanning applications fail to ride on the performance wave due to their frequent random memory accesses. This paper proposes Hash-AV, a virus scanning 'booster' technique that aims to take advantage of improvements in CPU performance. Using a set of hash functions and a Bloom filter array that fits in CPU second-level (L2) caches, Hash-AV determines the majority of 'no-match' cases without accesses to main memory. Experiments show that Hash-AV improves the performance of the open-source virus scanner Clam-AV by a factor of 2 to 10. The key to Hash-AV's success lies in a set of 'bad but cheap' hash functions that are used as initial hashes. The speed of Hash-AV makes it well suited for 'on-access' virus scanning, providing greater protections to the user. Through intercepting system calls and wrapping glibc libraries, we have implemented an 'on-access' version for Hash-AV+Clam-AV. The on-access scanner can examine input data at a throughput of over 200 Mb/s, making it suitable for network-based virus scanning.
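The filtering idea in the abstract, sketched as an added example (this is not Hash-AV's or Clam-AV's code): a small Bloom filter is probed with a cheap hash first and a stronger hash only on a hit, and only windows that pass both reach the exact comparison. The window length, filter size, both hash functions and the sample signatures are assumptions chosen for illustration, and the `memcmp` loop stands in for the full scanner.

```c
#include <stdint.h>
#include <string.h>

#define W 4                    /* window length in bytes (assumed value) */
#define BLOOM_BITS (1u << 16)  /* 8 KiB bit array, small enough to stay in cache */
#define NSIGS 2
/* Constructed sample signatures, each at least W bytes; not real malware patterns. */
static const char *const SIGS[NSIGS] = { "EVIL_MARKER_A", "TESTSIG-0002" };
static uint8_t bloom[BLOOM_BITS / 8];

/* Cheap first hash: shifts and XORs only, weak distribution, very fast. */
static uint32_t h_cheap(const uint8_t *p) {
    return (uint32_t)((p[0] << 8) ^ (p[1] << 4) ^ (p[2] << 2) ^ p[3]) & (BLOOM_BITS - 1);
}
/* Stronger second hash (FNV-1a), computed only when the cheap hash hits. */
static uint32_t h_good(const uint8_t *p) {
    uint32_t h = 2166136261u;
    for (int i = 0; i < W; i++) h = (h ^ p[i]) * 16777619u;
    return h & (BLOOM_BITS - 1);
}
static void set_bit(uint32_t b) { bloom[b >> 3] |= (uint8_t)(1u << (b & 7)); }
static int  get_bit(uint32_t b) { return (bloom[b >> 3] >> (b & 7)) & 1; }

/* Insert the first W bytes of every signature into the filter. */
void bloom_build(void) {
    memset(bloom, 0, sizeof bloom);
    for (int i = 0; i < NSIGS; i++) {
        set_bit(h_cheap((const uint8_t *)SIGS[i]));
        set_bit(h_good((const uint8_t *)SIGS[i]));
    }
}

/* Slide a W-byte window over buf. *verified counts the windows the filter could
 * not reject and passed to the exact comparison. Returns confirmed matches. */
size_t scan(const char *buf, size_t len, size_t *verified) {
    size_t hits = 0;
    *verified = 0;
    for (size_t off = 0; off + W <= len; off++) {
        const uint8_t *p = (const uint8_t *)buf + off;
        if (!get_bit(h_cheap(p)) || !get_bit(h_good(p))) continue;  /* no-match */
        (*verified)++;
        for (int i = 0; i < NSIGS; i++) {
            size_t sl = strlen(SIGS[i]);
            if (off + sl <= len && memcmp(p, SIGS[i], sl) == 0) { hits++; break; }
        }
    }
    return hits;
}
```

Filter false positives only cost an extra exact comparison; a window that begins a real signature always passes both probes, so the prefilter cannot cause a miss.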