  • DocumentCode
    3780171
  • Title

    Malfinder: Accelerated malware classification system through filtering on manycore system

  • Author

    Taegyu Kim;Woomin Hwang;Chulmin Kim;Dong-Jae Shin;Ki-Woong Park;Kyu Ho Park

  • Author_Institution
    Korea Advanced Institute of Science and Technology (KAIST), Daejeon, Republic of Korea
  • fYear
    2015
  • Firstpage
    1
  • Lastpage
    10
  • Abstract
    Control flow matching methods have been utilized to detect malware variants. However, as the number of malware variants has soared, it has become harder and harder to detect all malware variants while maintaining high accuracy. Even though many researchers have proposed control flow matching methods, there is still a trade-off between accuracy and performance. To solve this trade-off, we designed Malfinder, a method based on approximate matching, which is accurate but slow. To overcome its low performance, we resolve its performance bottleneck and non-parallelism on three fronts: I-Filter for identical string matching, table division to exclude unnecessary comparisons with some malware and dynamic resource allocation for efficient parallelism. Our performance evaluation shows that the total performance improvement is 280.9 times.
  • Keywords
    "Malware","Databases","Resource management","Parallel processing","Time complexity","Acceleration","Converters"
  • Publisher
    IEEE
  • Conference_Title
    Information Systems Security and Privacy (ICISSP), 2015 International Conference on
  • Type

    conf

  • Filename
    7509924