
Memory-Based Multi-pattern Signature Scanning for ClamAV Antivirus

  • Conference paper
Future Data and Security Engineering (FDSE 2014)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 8860)

Abstract

Signature scanning plays an important role in modern security applications such as virus scanners, intrusion detection/prevention systems, and firewalls. The high demand for scanning throughput has given rise to recent efforts on hardware-based matching engines. In this paper, we propose an efficient architecture for matching Clam Antivirus (ClamAV) signatures on a reconfigurable platform (FPGA). We use the Bloom filter technique to filter input data and the Bloomier filter technique for a one-round check of suspect data. Our proposed approach supports signatures up to 256 bytes in length and can handle both basic and regular expression signatures. Our prototype on the NetFPGA platform could handle up to 16K regular expression signatures and 64K basic signatures.




Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Dien, N.K., Hieu, T.T., Thinh, T.N. (2014). Memory-Based Multi-pattern Signature Scanning for ClamAV Antivirus. In: Dang, T.K., Wagner, R., Neuhold, E., Takizawa, M., Küng, J., Thoai, N. (eds) Future Data and Security Engineering. FDSE 2014. Lecture Notes in Computer Science, vol 8860. Springer, Cham. https://doi.org/10.1007/978-3-319-12778-1_5


  • DOI: https://doi.org/10.1007/978-3-319-12778-1_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12777-4

  • Online ISBN: 978-3-319-12778-1

  • eBook Packages: Computer Science, Computer Science (R0)
