{"title":"Memory-efficient signature matching for ClamAV on FPGA","authors":"T. Ngoc, T. Hieu, H. Ishii, S. Tomiyama","doi":"10.1109/CCE.2014.6916730","PeriodicalId":377853,"journal":{"name":"2014 IEEE Fifth International Conference on Communications and Electronics (ICCE)","volume":"93 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-10-07","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"8","platform":"Semanticscholar","PeriodicalName":"2014 IEEE Fifth International Conference on Communications and Electronics (ICCE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCE.2014.6916730","RegionNum":0,"Total":0}
Memory-efficient signature matching for ClamAV on FPGA
Signature matching is a crucial task in various security applications such as antivirus, intrusion detection, and firewalls. The growth in the quantity and complexity of signatures has made the matching task more challenging, especially on general-purpose processors. In this paper, we propose an efficient architecture for matching Clam Antivirus (ClamAV) signatures on FPGA. We utilize a Bloom filter technique for filtering input data and a Bloomier filter technique for a one-round check of suspect data. Our matching engine supports signatures up to 256 bytes in length and can handle both basic and regular expression signatures. Compared to previous approaches, our architecture has better memory utilization, using 14%-64% less memory than previous works. Experiments on a low-cost Altera Cyclone II show that our system can fit a signature set of more than 43K characters and is capable of 1 gigabit per second throughput.