PERG: A scalable pattern-matching accelerator

J. Ho, G. Lemieux
2008 1st Microsystems and Nanoelectronics Research Conference, published 2008-11-21. DOI: 10.1109/MNRC.2008.4683370 (https://doi.org/10.1109/MNRC.2008.4683370)
Citations: 2

Abstract

PERG is an FPGA application for accelerating detection of computer virus signatures (patterns). A pattern consists of a sequence of one or more segments separated by gaps of fixed lengths. PERG preprocesses a database of these patterns into hardware. To our knowledge, PERG is the first pattern matching hardware targeting viruses, as well as the first among network intrusion detection systems (NIDS), which are similar in nature to PERG, to implement Bloomier filters. This makes guarding against false positives faster than traditional Bloom filters because verification requires checking against one pattern instead of several patterns. Using the ClamAV antivirus database, PERG fits 80,282 patterns containing over 8,224,848 characters into one modest FPGA chip with a small (4 MB) off-chip memory. The architecture achieves roughly 26x improved density (characters per memory bit) compared to the next-best NIDS pattern-matching engine which fits only 1/250th the characters. With an estimated throughput of about 200MB/s, PERG keeps up with most network or disk interfaces.