A fast string searching algorithm
Communications of the ACM
Efficient string matching: an aid to bibliographic search
Communications of the ACM
Implementation of a Content-Scanning Module for an Internet Firewall
FCCM '03 Proceedings of the 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Time and area efficient pattern matching on FPGAs
FPGA '04 Proceedings of the 2004 ACM/SIGDA 12th international symposium on Field programmable gate arrays
Pre-Decoded CAMs for Efficient and High-Speed NIDS Pattern Matching
FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Gigabit Rate Packet Pattern-Matching Using TCAM
ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
Fast Regular Expression Matching Using FPGAs
FCCM '01 Proceedings of the the 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Avfs: an on-access anti-virus file system
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Journal of Systems Architecture: the EUROMICRO Journal
Hash-AV: fast virus signature scanning by cache-resident filters
International Journal of Security and Networks
Exact multi-pattern string matching on the cell/b.e. processor
Proceedings of the 5th conference on Computing frontiers
Scalable multigigabit pattern matching for packet inspection
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
A GPU-Based Multiple-Pattern Matching Algorithm for Network Intrusion Detection Systems
AINAW '08 Proceedings of the 22nd International Conference on Advanced Information Networking and Applications - Workshops
Gnort: High Performance Network Intrusion Detection Using Graphics Processors
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
PERG-Rx: a hardware pattern-matching engine supporting limited regular expressions
Proceedings of the ACM/SIGDA international symposium on Field programmable gate arrays
A Hybrid Parallel Signature Matching Model for Network Security Applications Using SIMD GPU
APPT '09 Proceedings of the 8th International Symposium on Advanced Parallel Processing Technologies
Proceedings of the 2nd international conference on Security of information and networks
Regular Expression Matching on Graphics Hardware for Intrusion Detection
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Efficient pattern matching on GPUs for intrusion detection systems
Proceedings of the 7th ACM international conference on Computing frontiers
SplitScreen: enabling efficient, distributed malware detection
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
SafeCard: a gigabit IPS on the network card
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Experiences with string matching on the fermi architecture
ARCS'11 Proceedings of the 24th international conference on Architecture of computing systems
A highly-efficient memory-compression approach for GPU-Accelerated virus signature matching
ISC'12 Proceedings of the 15th international conference on Information Security
Review: Intrusion detection system: A comprehensive review
Journal of Network and Computer Applications
The impact of the antivirus on the digital evidence
International Journal of Electronic Security and Digital Forensics
Hi-index | 0.00 |
In the ongoing arms race against malware, antivirus software is at the forefront, as one of the most important defense tools in our arsenal. Antivirus software is flexible enough to be deployed from regular users desktops, to corporate e-mail proxies and file servers. Unfortunately, the signatures necessary to detect incoming malware number in the tens of thousands. To make matters worse, antivirus signatures are a lot longer than signatures in network intrusion detection systems. This leads to extremely high computation costs necessary to perform matching of suspicious data against those signatures. In this paper, we present GrAVity, a massively parallel antivirus engine. Our engine utilized the compute power of modern graphics processors, that contain hundreds of hardware microprocessors. We have modified ClamAV, the most popular open source antivirus software, to utilize our engine. Our prototype implementation has achieved end-toend throughput in the order of 20 Gbits/s, 100 times the performance of the CPU-only ClamAV, while almost completely offloading the CPU, leaving it free to complete other tasks. Our micro-benchmarks have measured our engine to be able to sustain throughput in the order of 40 Gbits/s. The results suggest that modern graphics cards can be used effectively to perform heavy-duty anti-malware operations at speeds that cannot be matched by traditional CPU based techniques.