STRING SEARCHING ENGINE FOR VIRUS SCANNING Author ： Derek Pao, Xing Wang, Xiaoran Wang, Cong Cao, Yuesheng Zhu Publisher ： TRANSACTIONS ON COMPUTERS, 2012.

Slides:

Advertisements

Similar presentations

Authors: Wei Lin, Bin Liu Publisher: ICPADS, 2008 (IEEE International Conference on Parallel and Distributed Systems) Presenter: Chia-Yi, Chu Date: 2014/03/05.

Advertisements

FPGA Configuration. Introduction What is configuration? – Process for loading data into the FPGA Configuration Data Source Configuration Data Source FPGA.

Massively Parallel Cuckoo Pattern Matching Applied For NIDS/NIPS  Author: Tran Ngoc Thinh, Surin Kittitornkun  Publisher: Electronic Design, Test and.

Hybrid Data Structure for IP Lookup in Virtual Routers Using FPGAs Authors: Oĝuzhan Erdem, Hoang Le, Viktor K. Prasanna, Cüneyt F. Bazlamaçcı Publisher:

Reviewer: Jing Lu Gigabit Rate Packet Pattern- Matching Using TCAM Fang Yu, Randy H. Katz T. V. Lakshman UC Berkeley Bell Labs, Lucent ICNP’2004.

Multithreaded FPGA Acceleration of DNA Sequence Mapping Edward Fernandez, Walid Najjar, Stefano Lonardi, Jason Villarreal UC Riverside, Department of Computer.

A Memory-Efficient Reconfigurable Aho-Corasick FSM Implementation for Intrusion Detection Systems Authors: Seongwook Youn and Dennis McLeod Presenter:

Pipelined Parallel AC-based Approach for Multi-String Matching Department of Computer Science and Information Engineering National Cheng Kung University,

1 A Virus Scanning Engine Using a Parallel Finite-Input Memory Machine and MPUs Author: Hiroki Nakahara, Tsutomu Sasao, Munehiro Matsuura, and Yoshifumi.

1 FPGA-based ROM-free network intrusion detection using shift-OR circuit Department of Computer Science and Information Engineering National Cheng Kung.

Improved TCAM-based Pre-Filtering for Network Intrusion Detection Systems Department of Computer Science and Information Engineering National Cheng Kung.

1 Multi-Core Architecture on FPGA for Large Dictionary String Matching Department of Computer Science and Information Engineering National Cheng Kung University,

1 Regular expression matching with input compression ： a hardware design for use within network intrusion detection systems Department of Computer Science.

Pipelined Architecture For Multi-String Match Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

1 Performance Improvement of Two-Dimensional Packet Classification by Filter Rephrasing Department of Computer Science and Information Engineering National.

A Signature Match Processor Architecture for Network Intrusion Detection Janardhan Singaraju, Long Bu and John A. Chandy Electrical and Computer Engineering.

Configuration. Mirjana Stojanovic Process of loading bitstream of a design into the configuration memory. Bitstream is the transmission.

The 8051 Microcontroller Architecture

Anti Virus Techniques Jordan & Ryan Use of Checksum The Binary for key files is added up to a number especially in the boot files When these files are.

The Operating System The operation system (OS) is a set of programs that coordinates: Hardware functions Interaction between application software and computer.

GallagherP188/MAPLD20041 Accelerating DSP Algorithms Using FPGAs Sean Gallagher DSP Specialist Xilinx Inc.

GPGPU platforms GP - General Purpose computation using GPU

INTRODUCTION TO MICROCONTROLLER. What is a Microcontroller A microcontroller is a complete microprocessor system, consisting of microprocessor, limited.

SHOCK: A Worst-Case Ensured Sub-linear Time Pattern Matching Algorithm for Inline Anti-Virus Scanning Author: Nen-Fu Huang, Wen-Yen Tsai Publisher: IEEE.

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

1 Route Table Partitioning and Load Balancing for Parallel Searching with TCAMs Department of Computer Science and Information Engineering National Cheng.

 Author: Tsern-Huei Lee  Publisher: 2009 IEEE Transation on Computers  Presenter: Yuen-Shuo Li  Date: 2013/09/18 1.

Sarang Dharmapurikar With contributions from : Praveen Krishnamurthy,

1 SERIAL PORT INTERFACE FOR MICROCONTROLLER EMBEDDED INTO INTEGRATED POWER METER Mr. Borisav Jovanović, Prof.dr Predrag Petković, Prof.dr. Milunka Damnjanović,

Author ： Ozgun Erdogan and Pei Cao Publisher ： IEEE Globecom 2005 (IJSN 2007) Presenter ： Zong-Lin Sie Date ： 2010/12/08 1.

LayeredTrees: Most Specific Prefix based Pipelined Design for On-Chip IP Address Lookups Author: Yeim-Kuau Chang, Fang-Chen Kuo, Han-Jhen Guo and Cheng-Chien.

FPGA Based String Matching for Network Processing Applications Janardhan Singaraju, John A. Chandy Presented by: Justin Riseborough Albert Tirtariyadi.

Hardware Implementation of a Memetic Algorithm for VLSI Circuit Layout Stephen Coe MSc Engineering Candidate Advisors: Dr. Shawki Areibi Dr. Medhat Moussa.

J. Christiansen, CERN - EP/MIC

Introduction to FPGA Created & Presented By Ali Masoudi For Advanced Digital Communication Lab (ADC-Lab) At Isfahan University Of technology (IUT) Department.

CS30003: Compilers Lexical Analysis Lecture Date: 05/08/13 Submission By: DHANJIT DAS, 11CS10012.

GPEP : Graphics Processing Enhanced Pattern- Matching for High-Performance Deep Packet Inspection Author: Lucas John Vespa, Ning Weng Publisher: 2011 IEEE.

1 Towards Practical Architectures for SRAM-based Pipelined Lookup Engines Author: Weirong Jiang, Viktor K. Prasanna Publisher: INFOCOM 2010 Presenter:

EQC16: An Optimized Packet Classification Algorithm For Large Rule-Sets Author: Uday Trivedi, Mohan Lal Jangir Publisher: 2014 International Conference.

StriD 2 FA: Scalable Regular Expression Matching for Deep Packet Inspection Author: Xiaofei Wang, Junchen Jiang, Yi Tang, Bin Liu, and Xiaojun Wang Publisher:

Author ： Ioannis Sourdis, Vasilis Dimopoulos, Dionisios Pnevmatikatos and Stamatis Vassiliadis Publisher ： ANCS’06 Presenter ： Zong-Lin Sie Date ： 2011/01/05.

Regular Expression Matching for Reconfigurable Packet Inspection Authors: Jo˜ao Bispo, Ioannis Sourdis, Jo˜ao M.P. Cardoso and Stamatis Vassiliadis Publisher:

StrideBV: Single chip 400G+ packet classification Author: Thilan Ganegedara, Viktor K. Prasanna Publisher: HPSR 2012 Presenter: Chun-Sheng Hsueh Date:

Department of Computer Science and Engineering Applied Research Laboratory Architecture for a Hardware Based, TCP/IP Content Scanning System David V. Schuehler.

A Pattern-Matching Scheme With High Throughput Performance and Low Memory Requirement Author: Tsern-Huei Lee, Nai-Lun Huang Publisher: TRANSACTIONS ON.

A Dynamic Longest Prefix Matching Content Addressable Memory for IP Routing Author: Satendra Kumar Maurya, Lawrence T. Clark Publisher: IEEE TRANSACTIONS.

Memory-Efficient Regular Expression Search Using State Merging Author: Michela Becchi, Srihari Cadambi Publisher: INFOCOM th IEEE International.

Identifying Hardware Components in a Computer (continued) Clock Speed (continued) The computer has a system clock that generates a regular electronic beat.

Author : Weirong Jiang, Yi-Hua E. Yang, and Viktor K. Prasanna Publisher : IPDPS 2010 Presenter : Jo-Ning Yu Date : 2012/04/11.

Updating Designed for Fast IP Lookup Author : Natasa Maksic, Zoran Chicha and Aleksandra Smiljani´c Conference: IEEE High Performance Switching and Routing.

A Fast Regular Expression Matching Engine for NIDS Applying Prediction Scheme Author: Lei Jiang, Qiong Dai, Qiu Tang, Jianlong Tan and Binxing Fang Publisher:

Fast Lookup for Dynamic Packet Filtering in FPGA REPORTER: HSUAN-JU LI 2014/09/18 Design and Diagnostics of Electronic Circuits & Systems, 17th International.

Range Enhanced Packet Classification Design on FPGA Author: Yeim-Kuan Chang, Chun-sheng Hsueh Publisher: IEEE Transactions on Emerging Topics in Computing.

Author : Masanori Bando, N. Sertac Artan and H. Jonathan Chao Publisher : Parallel & Distributed Processing, Workshops and Phd Forum (IPDPSW), 2010 Presenter.

Range Hash for Regular Expression Pre-Filtering Publisher : ANCS’ 10 Author : Masanori Bando, N. Sertac Artan, Rihua Wei, Xiangyi Guo and H. Jonathan Chao.

Design methodology for Implementing a Microcontroller in a FPGA. Phillip Southard Ohio University EE 690 Reconfigurable Design.

10- Lock Bits, Fuse Bits and Boot Loader. Boot Loader Support – Read-While-Write Self- Programming: The Boot Loader Support provides a real Read-While-Write.

Author: Yun R. Qu, Shijie Zhou, and Viktor K. Prasanna Publisher:

2018/4/27 PiDFA : A Practical Multi-stride Regular Expression Matching Engine Based On FPGA Author: Jiajia Yang, Lei Jiang, Qiu Tang, Qiong Dai, Jianlong.

Accelerating Pattern Matching for DPI

Instructor: Dr. Phillip Jones

Regular Expression Matching in Reconfigurable Hardware

Regular Expression Acceleration at Multiple Tens of Gb/s

Scalable Memory-Less Architecture for String Matching With FPGAs

International Data Encryption Algorithm

Compact DFA Structure for Multiple Regular Expressions Matching

Author： Yaron Weinsberg ,Shimrit Tzur-David ,Danny Dolev and Tal Anker

High Performance Pattern Matching using Bloom–Bloomier Filter

2019/10/9 Regular Expression Matching for Reconfigurable Constraint Repetition Inspection Authors : Miad Faezipour and Mehrdad Nourani Publisher : IEEE.

Authors: Ding-Yuan Lee, Ching-Che Wang, An-Yeu Wu Publisher: 2019 VLSI

Presentation transcript:

STRING SEARCHING ENGINE FOR VIRUS SCANNING Author ： Derek Pao, Xing Wang, Xiaoran Wang, Cong Cao, Yuesheng Zhu Publisher ： TRANSACTIONS ON COMPUTERS, 2012 Presenter ： Jia-Wei,You Date ： 2012/3/7 1

Introduction Intrusion detection system (IDS) and anti-virus software are essential security tools for today’s computer systems. Hence, the memory cost of pure AC-based methods cannot be lower than 8 bits per character. Updates to the pattern set in an anti-virus system can be quite frequent. However, if all virus signatures were to be stored in the on-chip embedded memory, it would require at least 20Mbyte-200Mbyte memory space. 2

Introduction Quick sampling plus verification (QSV) approach. In our approach of performing string matching over a very large virus signature set (82888 static strings), only 1.4Mbyte on chip memory is required, about 1.4 bits per character of the signature set. The QSV system can be updated by only updating the lookup tables, without reconfiguring the circuit. 3

QSV 4

5

6

7

8

9

Aggregation Unit 10

pid, patLoc, refLoc, verified, which are the pattern ID, location of the last byte of the pattern found in the input stream, location of the last byte of the 16-byte prefix, flag indicating whether the pattern has been verified by a CRC unit respectively. 11

12

Performance ClamAV virus database (main.cvd version 51 released on 14 May 2009) 13

Performance 14

Performance Using the Xilinx Virtex-5 XC5VSX240T device model Design uses 324 (63%) 36-Kbit block RAMs, 4878 (3.3%) LUTs, 6989 (4.7%) register bits and occupies 2163 (5.8%) slices. maximum system clock frequency is 200MHz 1.4 bits per character. 15