This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Hardware-Software Codesign for High-Speed Signature-based Virus Scanning
September/October 2009 (vol. 29 no. 5)
pp. 56-65
Ying-Dar Lin, National Chiao Tung University
Po-Ching Lin, National Chung Cheng University
Yuan-Cheng Lai, National Taiwan University of Science and Technology
Tai-Ying Liu, Avermedia

High-speed network content security applications often offload signature matching to hardware. In such systems, the throughput of the overall system, rather than the hardware engine alone, is significant. The authors offload virus scanning in the ClamAV antivirus package to the BFAST* hardware engine. They find that the data-passing processes significantly degrade system throughput.

1. P.-C. Lin et al., "Using String Matching for Deep Packet Inspection," Computer, vol. 41, no. 4, Apr. 2008, pp. 23-28.
2. M. Aldwairi, T. Conte, and P. Franzon, "Configurable String Matching Hardware for Speeding Up Intrusion Detection," ACM SIGARCH Computer Architecture News, vol. 33, no. 1, 2005, pp. 99-107.
3. Z.K. Baker and V.K. Prasanna, "A Methodology for Synthesis of Efficient Intrusion Detection Systems on FPGAs," Proc. 12th Ann. IEEE Symp. Field-Programmable Custom Computing Machines (FCCM 04), IEEE CS Press, 2004, pp.135-144.
4. L. Tan, B. Brotherton, and T. Sherwood, "Bit-Split String-Matching Engines for Intrusion Detection and Prevention," ACM Trans. Architecture and Code Optimization, vol. 3, no. 1, Mar. 2006, pp. 3-34.
5. S. Dharmapurikar, M. Attig, and J. Lockwood, "Deep Packet Inspection Using Parallel Bloom Filters," IEEE Micro, vol. 24, no. 1, Jan./Feb. 2004, pp. 52-61.
6. N. Tuck et al., "Deterministic Memory-Efficient String Matching Algorithms for Intrusion Detection," Proc. IEEE Infocom Conf., IEEE Press, 2004, pp. 2628- 2639.
7. T. Liu et al., "The Design and Implementation of Zero-Copy for Linux," Proc. 8th Int'l Conf. Intelligent Systems Design and Application (ISDA 08), IEEE CS Press, 2008, pp. 121-126.
8. P. Halvorsen et al., "Performance Tradeoffs for Static Allocation of Zero-Copy Buffers," Proc. Euromicro Conf. (EuroMicro 02), IEEE CS Press, 2002, pp. 138-143.
9. M. Handley, C. Kreibich, and V. Paxson, "Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics," Proc. Usenix Security Symp., Usenix Assoc., 2001, pp. 115-131.

Index Terms:
string matching, hardware-software codesign, deep packet inspection
Citation:
Ying-Dar Lin, Po-Ching Lin, Yuan-Cheng Lai, Tai-Ying Liu, "Hardware-Software Codesign for High-Speed Signature-based Virus Scanning," IEEE Micro, vol. 29, no. 5, pp. 56-65, Sept.-Oct. 2009, doi:10.1109/MM.2009.81
Usage of this product signifies your acceptance of the Terms of Use.