Conference Paper

The Parallel Sieve Method for a Virus Scanning Engine

Kyushu Inst. of Technol., Japan
DOI: 10.1109/DSD.2009.208 Conference: Digital System Design, Architectures, Methods and Tools, 2009. DSD '09. 12th Euromicro Conference on
Source: IEEE Xplore

ABSTRACT

This paper shows a new architecture for a virus scanning system, which is different from that of an intrusion detection system. The proposed method uses two-stage matching: In the first stage, a hardware filter quickly scans the text to find partial matches, and in the second stage, the MPU scans the text to find a total match in the ClamAV 514,287 virus pattern set. To make the hardware filter simple, we use a finite-input memory machine (FIMM). To reduce the memory size of the FIMM, we introduce the parallel sieve method. The proposed method is memorybased, so it is quickly reconfigurable and dissipates lower power than a TCAM-based method. The system is implemented on the Stratix III FPGA with three off-chip SRAMs and an SDRAM, where all ClamAV 514,287 virus patterns are stored. Compared with existing methods, our method achieves 1.41-31.36 times more efficient area-throughput ratio.

Download full-text

Full-text

Available from: Hiroki Nakahara, Jul 03, 2014
Show more