A highly-efficient memory-compression approach for GPU-Accelerated virus signature matching

Authors:
Ciprian Pungila;Viorel Negru
Affiliations:
West University of Timisoara, Timisoara, Timis, Romania;West University of Timisoara, Timisoara, Timis, Romania
Venue:
ISC'12 Proceedings of the 15th international conference on Information Security
Year:
2012

Citing 11
Cited 0

A fast string searching algorithm

Communications of the ACM
Efficient string matching: an aid to bibliographic search

Communications of the ACM
A String Matching Algorithm Fast on the Average

Proceedings of the 6th Colloquium, on Automata, Languages and Programming
Avfs: an on-access anti-virus file system

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Hash-AV: fast virus signature scanning by cache-resident filters

International Journal of Security and Networks
Gnort: High Performance Network Intrusion Detection Using Graphics Processors

RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
A Bray-Curtis Weighted Automaton for Detecting Malicious Code Through System-Call Analysis

SYNASC '09 Proceedings of the 2009 11th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing
SplitScreen: enabling efficient, distributed malware detection

NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
GrAVity: a massively parallel antivirus engine

RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
A Hybrid Algorithm of Backward Hashing and Automaton Tracking for Virus Scanning

IEEE Transactions on Computers
MIDeA: a multi-parallel intrusion detection architecture

Proceedings of the 18th ACM conference on Computer and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We are proposing an approach for implementing highly compressed Aho-Corasick and Commentz-Walter automatons for performing GPU-accelerated virus scanning, suitable for implementation in real-world software and hardware systems. We are performing experiments using the set of virus signatures from ClamAV and a CUDA-based graphics card, showing how memory consumption can be improved dramatically (along with run-time performance), both in the pre-processing stage and at run-time. Our approach also ensures maximum bandwidth for the data transfer required in the pre-processing stage, between the host and the device memory, making it ideal for implementation in real-time virus scanners. Finally, we show how using this model and an efficient combination of the two automata can result in much lower memory requirements in real-world implementations.