Title :
PERG: A scalable pattern-matching accelerator
Author :
Ho, Johnny T Lin ; Lemieux, Guy G F
Author_Institution :
Dept. of Electr. & Comput. Eng, Univ. of British Columbia, Vancouver, BC
Abstract :
PERG is an FPGA application for accelerating detection of computer virus signatures (patterns). A pattern consists of a sequence of one or more segments separated by gaps of fixed lengths. PERG preprocesses a database of these patterns into hardware. To our knowledge, PERG is the first pattern matching hardware targeting viruses, as well as the first among network intrusion detection systems (NIDS), which are similar in nature to PERG, to implement Bloomier filters. This makes guarding against false positives faster than traditional Bloom filters because verification requires checking against one pattern instead of several patterns. Using the ClamAV antivirus database, PERG fits 80,282 patterns containing over 8,224,848 characters into one modest FPGA chip with a small (4 MB) off-chip memory. The architecture achieves roughly 26x improved density (characters per memory bit) compared to the next-best NIDS pattern-matching engine which fits only 1/250th the characters. With an estimated throughput of about 200MB/s, PERG keeps up with most network or disk interfaces.
Keywords :
computer viruses; field programmable gate arrays; filters; pattern matching; Bloomier filters; ClamAV antivirus database; FPGA; PERG; computer virus signatures; false positives; network intrusion detection systems; scalable pattern-matching accelerator; Acceleration; Application software; Databases; Field programmable gate arrays; Hardware; Intrusion detection; Matched filters; Memory architecture; Pattern matching; Viruses (medical); Antivirus; Bloomier Filter; FPGA; Pattern Matching;
Conference_Titel :
Microsystems and Nanoelectronics Research Conference, 2008. MNRC 2008. 1st
Conference_Location :
Ottawa, Ont.
Print_ISBN :
978-1-4244-2920-2
Electronic_ISBN :
978-1-4244-2921-9
DOI :
10.1109/MNRC.2008.4683370
