{"title":"一个可扩展的模式匹配加速器","authors":"J. Ho, G. Lemieux","doi":"10.1109/MNRC.2008.4683370","DOIUrl":null,"url":null,"abstract":"PERG is an FPGA application for accelerating detection of computer virus signatures (patterns). A pattern consists of a sequence of one or more segments separated by gaps of fixed lengths. PERG preprocesses a database of these patterns into hardware. To our knowledge, PERG is the first pattern matching hardware targeting viruses, as well as the first among network intrusion detection systems (NIDS), which are similar in nature to PERG, to implement Bloomier filters. This makes guarding against false positives faster than traditional Bloom filters because verification requires checking against one pattern instead of several patterns. Using the ClamAV antivirus database, PERG fits 80,282 patterns containing over 8,224,848 characters into one modest FPGA chip with a small (4 MB) off-chip memory. The architecture achieves roughly 26x improved density (characters per memory bit) compared to the next-best NIDS pattern-matching engine which fits only 1/250th the characters. With an estimated throughput of about 200MB/s, PERG keeps up with most network or disk interfaces.","PeriodicalId":247684,"journal":{"name":"2008 1st Microsystems and Nanoelectronics Research Conference","volume":"219 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-11-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"PERG: A scalable pattern-matching accelerator\",\"authors\":\"J. Ho, G. Lemieux\",\"doi\":\"10.1109/MNRC.2008.4683370\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"PERG is an FPGA application for accelerating detection of computer virus signatures (patterns). A pattern consists of a sequence of one or more segments separated by gaps of fixed lengths. PERG preprocesses a database of these patterns into hardware. To our knowledge, PERG is the first pattern matching hardware targeting viruses, as well as the first among network intrusion detection systems (NIDS), which are similar in nature to PERG, to implement Bloomier filters. This makes guarding against false positives faster than traditional Bloom filters because verification requires checking against one pattern instead of several patterns. Using the ClamAV antivirus database, PERG fits 80,282 patterns containing over 8,224,848 characters into one modest FPGA chip with a small (4 MB) off-chip memory. The architecture achieves roughly 26x improved density (characters per memory bit) compared to the next-best NIDS pattern-matching engine which fits only 1/250th the characters. With an estimated throughput of about 200MB/s, PERG keeps up with most network or disk interfaces.\",\"PeriodicalId\":247684,\"journal\":{\"name\":\"2008 1st Microsystems and Nanoelectronics Research Conference\",\"volume\":\"219 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-11-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 1st Microsystems and Nanoelectronics Research Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MNRC.2008.4683370\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 1st Microsystems and Nanoelectronics Research Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MNRC.2008.4683370","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
PERG is an FPGA application for accelerating detection of computer virus signatures (patterns). A pattern consists of a sequence of one or more segments separated by gaps of fixed lengths. PERG preprocesses a database of these patterns into hardware. To our knowledge, PERG is the first pattern matching hardware targeting viruses, as well as the first among network intrusion detection systems (NIDS), which are similar in nature to PERG, to implement Bloomier filters. This makes guarding against false positives faster than traditional Bloom filters because verification requires checking against one pattern instead of several patterns. Using the ClamAV antivirus database, PERG fits 80,282 patterns containing over 8,224,848 characters into one modest FPGA chip with a small (4 MB) off-chip memory. The architecture achieves roughly 26x improved density (characters per memory bit) compared to the next-best NIDS pattern-matching engine which fits only 1/250th the characters. With an estimated throughput of about 200MB/s, PERG keeps up with most network or disk interfaces.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
