Title :
The Parallel Sieve Method for a Virus Scanning Engine
Author :
Nakahara, Hiroki ; Sasao, Tsutomu ; Matsuura, Munehiro ; Kawamura, Yoshifumi
Author_Institution :
Kyushu Inst. of Technol., Japan
Abstract :
This paper shows a new architecture for a virus scanning system, which is different from that of an intrusion detection system. The proposed method uses two-stage matching: In the first stage, a hardware filter quickly scans the text to find partial matches, and in the second stage, the MPU scans the text to find a total match in the ClamAV 514,287 virus pattern set. To make the hardware filter simple, we use a finite-input memory machine (FIMM). To reduce the memory size of the FIMM, we introduce the parallel sieve method. The proposed method is memorybased, so it is quickly reconfigurable and dissipates lower power than a TCAM-based method. The system is implemented on the Stratix III FPGA with three off-chip SRAMs and an SDRAM, where all ClamAV 514,287 virus patterns are stored. Compared with existing methods, our method achieves 1.41-31.36 times more efficient area-throughput ratio.
Keywords :
DRAM chips; SRAM chips; computer viruses; field programmable gate arrays; SDRAM; Stratix III FPGA; TCAM-based method; finite-input memory machine; hardware filter; intrusion detection system; off-chip SRAM; parallel sieve method; two-stage matching; virus scanning engine; Field programmable gate arrays; Filters; Hardware; Internet; Pattern matching; Physical layer; Power dissipation; Random access memory; Search engines; Throughput; FPGA; Network; Reconfigurable Architecture; Virus Scanning;
Conference_Titel :
Digital System Design, Architectures, Methods and Tools, 2009. DSD '09. 12th Euromicro Conference on
Conference_Location :
Patras
Print_ISBN :
978-0-7695-3782-5
DOI :
10.1109/DSD.2009.208
