基于FPGA的ClamAV签名匹配算法

T. Ngoc, T. Hieu, H. Ishii, S. Tomiyama
{"title":"基于FPGA的ClamAV签名匹配算法","authors":"T. Ngoc, T. Hieu, H. Ishii, S. Tomiyama","doi":"10.1109/CCE.2014.6916730","DOIUrl":null,"url":null,"abstract":"Signature matching is a crucial task of various security applications such as antiviruses, intrusion detections, and firewalls. The growth in quantity and complexity of signatures made matching task more challenge especially on general purpose processor. In this paper, we proposed an efficient architecture for matching Clam Antivirus (ClamAV) signatures on FPGA. We utilize Bloom filter technique for filtering input data and Bloomier filter technique for one round check suspect data. Our matching engine support up to 256 byte length signature and can handle both basic and regular expression signatures. Compare to previous approaches, our architecture is better memory utilization with 14%-64% less than previous works. Experiences on low-cost Altera Cyclone II show that our system can fit signature set with more than 43K characters size and is capable of 1 gigabit per second throughput.","PeriodicalId":377853,"journal":{"name":"2014 IEEE Fifth International Conference on Communications and Electronics (ICCE)","volume":"93 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"Memory-efficient signature matching for ClamAV on FPGA\",\"authors\":\"T. Ngoc, T. Hieu, H. Ishii, S. Tomiyama\",\"doi\":\"10.1109/CCE.2014.6916730\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Signature matching is a crucial task of various security applications such as antiviruses, intrusion detections, and firewalls. The growth in quantity and complexity of signatures made matching task more challenge especially on general purpose processor. In this paper, we proposed an efficient architecture for matching Clam Antivirus (ClamAV) signatures on FPGA. We utilize Bloom filter technique for filtering input data and Bloomier filter technique for one round check suspect data. Our matching engine support up to 256 byte length signature and can handle both basic and regular expression signatures. Compare to previous approaches, our architecture is better memory utilization with 14%-64% less than previous works. Experiences on low-cost Altera Cyclone II show that our system can fit signature set with more than 43K characters size and is capable of 1 gigabit per second throughput.\",\"PeriodicalId\":377853,\"journal\":{\"name\":\"2014 IEEE Fifth International Conference on Communications and Electronics (ICCE)\",\"volume\":\"93 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-10-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 IEEE Fifth International Conference on Communications and Electronics (ICCE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CCE.2014.6916730\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE Fifth International Conference on Communications and Electronics (ICCE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCE.2014.6916730","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 8

摘要

签名匹配是防病毒、入侵检测、防火墙等安全应用的一项重要任务。随着签名数量和复杂性的增加,匹配任务变得更加困难,特别是在通用处理器上。本文提出了一种在FPGA上匹配Clam Antivirus (ClamAV)签名的高效架构。我们利用布卢姆滤波技术对输入数据进行过滤,利用布卢姆滤波技术对可疑数据进行一轮检查。我们的匹配引擎支持256字节长度的签名,可以处理基本和正则表达式签名。与以前的方法相比,我们的架构具有更好的内存利用率,比以前的方法降低了14%-64%。在低成本Altera Cyclone II上的经验表明,我们的系统可以适应超过43K字符大小的签名集,并且能够实现每秒1千兆比特的吞吐量。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Memory-efficient signature matching for ClamAV on FPGA
Signature matching is a crucial task of various security applications such as antiviruses, intrusion detections, and firewalls. The growth in quantity and complexity of signatures made matching task more challenge especially on general purpose processor. In this paper, we proposed an efficient architecture for matching Clam Antivirus (ClamAV) signatures on FPGA. We utilize Bloom filter technique for filtering input data and Bloomier filter technique for one round check suspect data. Our matching engine support up to 256 byte length signature and can handle both basic and regular expression signatures. Compare to previous approaches, our architecture is better memory utilization with 14%-64% less than previous works. Experiences on low-cost Altera Cyclone II show that our system can fit signature set with more than 43K characters size and is capable of 1 gigabit per second throughput.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信