基于FPGA的ClamAV签名匹配算法

2014 IEEE Fifth International Conference on Communications and Electronics (ICCE) Pub Date : 2014-10-07 DOI:10.1109/CCE.2014.6916730

T. Ngoc, T. Hieu, H. Ishii, S. Tomiyama

{"title":"基于FPGA的ClamAV签名匹配算法","authors":"T. Ngoc, T. Hieu, H. Ishii, S. Tomiyama","doi":"10.1109/CCE.2014.6916730","DOIUrl":null,"url":null,"abstract":"Signature matching is a crucial task of various security applications such as antiviruses, intrusion detections, and firewalls. The growth in quantity and complexity of signatures made matching task more challenge especially on general purpose processor. In this paper, we proposed an efficient architecture for matching Clam Antivirus (ClamAV) signatures on FPGA. We utilize Bloom filter technique for filtering input data and Bloomier filter technique for one round check suspect data. Our matching engine support up to 256 byte length signature and can handle both basic and regular expression signatures. Compare to previous approaches, our architecture is better memory utilization with 14%-64% less than previous works. Experiences on low-cost Altera Cyclone II show that our system can fit signature set with more than 43K characters size and is capable of 1 gigabit per second throughput.","PeriodicalId":377853,"journal":{"name":"2014 IEEE Fifth International Conference on Communications and Electronics (ICCE)","volume":"93 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"Memory-efficient signature matching for ClamAV on FPGA\",\"authors\":\"T. Ngoc, T. Hieu, H. Ishii, S. Tomiyama\",\"doi\":\"10.1109/CCE.2014.6916730\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Signature matching is a crucial task of various security applications such as antiviruses, intrusion detections, and firewalls. The growth in quantity and complexity of signatures made matching task more challenge especially on general purpose processor. In this paper, we proposed an efficient architecture for matching Clam Antivirus (ClamAV) signatures on FPGA. We utilize Bloom filter technique for filtering input data and Bloomier filter technique for one round check suspect data. Our matching engine support up to 256 byte length signature and can handle both basic and regular expression signatures. Compare to previous approaches, our architecture is better memory utilization with 14%-64% less than previous works. Experiences on low-cost Altera Cyclone II show that our system can fit signature set with more than 43K characters size and is capable of 1 gigabit per second throughput.\",\"PeriodicalId\":377853,\"journal\":{\"name\":\"2014 IEEE Fifth International Conference on Communications and Electronics (ICCE)\",\"volume\":\"93 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-10-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 IEEE Fifth International Conference on Communications and Electronics (ICCE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CCE.2014.6916730\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE Fifth International Conference on Communications and Electronics (ICCE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCE.2014.6916730","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

摘要

签名匹配是防病毒、入侵检测、防火墙等安全应用的一项重要任务。随着签名数量和复杂性的增加，匹配任务变得更加困难，特别是在通用处理器上。本文提出了一种在FPGA上匹配Clam Antivirus (ClamAV)签名的高效架构。我们利用布卢姆滤波技术对输入数据进行过滤，利用布卢姆滤波技术对可疑数据进行一轮检查。我们的匹配引擎支持256字节长度的签名，可以处理基本和正则表达式签名。与以前的方法相比，我们的架构具有更好的内存利用率，比以前的方法降低了14%-64%。在低成本Altera Cyclone II上的经验表明，我们的系统可以适应超过43K字符大小的签名集，并且能够实现每秒1千兆比特的吞吐量。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Memory-efficient signature matching for ClamAV on FPGA

Signature matching is a crucial task of various security applications such as antiviruses, intrusion detections, and firewalls. The growth in quantity and complexity of signatures made matching task more challenge especially on general purpose processor. In this paper, we proposed an efficient architecture for matching Clam Antivirus (ClamAV) signatures on FPGA. We utilize Bloom filter technique for filtering input data and Bloomier filter technique for one round check suspect data. Our matching engine support up to 256 byte length signature and can handle both basic and regular expression signatures. Compare to previous approaches, our architecture is better memory utilization with 14%-64% less than previous works. Experiences on low-cost Altera Cyclone II show that our system can fit signature set with more than 43K characters size and is capable of 1 gigabit per second throughput.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 IEEE Fifth International Conference on Communications and Electronics (ICCE)

自引率

0.00%

发文量