Abstract
Signature scanning plays an important role in modern security applications such as virus scanners, intrusion detection/prevention systems, and firewalls. High demand for scanning throughput has given rise to recent efforts on hardware-based matching engines. In this paper, we propose an efficient architecture for matching Clam Antivirus (ClamAV) signatures on a reconfigurable platform (FPGA). We use a Bloom filter to filter input data and a Bloomier filter to check suspect data in one round. Our approach supports signatures up to 256 bytes long and can handle both basic and regular expression signatures. Our prototype on the NetFPGA platform can handle up to 16K regular expression signatures and 64K basic signatures.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Dien, N.K., Hieu, T.T., Thinh, T.N. (2014). Memory-Based Multi-pattern Signature Scanning for ClamAV Antivirus. In: Dang, T.K., Wagner, R., Neuhold, E., Takizawa, M., Küng, J., Thoai, N. (eds) Future Data and Security Engineering. FDSE 2014. Lecture Notes in Computer Science, vol 8860. Springer, Cham. https://doi.org/10.1007/978-3-319-12778-1_5
DOI: https://doi.org/10.1007/978-3-319-12778-1_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12777-4
Online ISBN: 978-3-319-12778-1
eBook Packages: Computer Science (R0)