Researcher : Chatsiri Ratana  Master’s degree in computer engineering.                Optimizing Clam-Antivirus for GPUKas...
Agenda• Introduction   • What Clam Antivirus & GPU?   • Why optimized Clam Antivirus for GPU?• Related Work   • Understand...
What Clam Antivirus & GPU? • Clam AntiVirus( Clam AV)    • Antivirus signature database.    • Signature types are hexadeci...
Why optimized Clam Antivirus for GPU?  • ClamAV using string matching concepts.     • Boyer-Moore     • Aho-Corasick  • GP...
Understanding antivirus• Signature Bases   • Type of signature base       • Hexadecimal       • MD5       • Regular expres...
Structure of Clam AV            Filtering                   VerificationFile   File Buffer                        Offset  ...
Kindling of String Matching Algorithms forsupport Clam Antivirus.• Algorithms   • Bayer-Moore algorithm   • Aho-Corasick a...
Bayer-Moore Algorithm     -   -   -   -   A   MA N - - - - -         -   -     A   N   P   A   N   MA N - - - - -         ...
Aho-Corasick Algorithm  Trojan.KU.MrDir.B = 40 6d 64 20 25 72 61 6e 64 6f 6d 25 ?? ?? 67 6f 6f  1st stage           X X   ...
Hybrid Parallel Signature Scanningmethods.•   Kindling optimized for supporting GPU.    •   Algorithms of String matching ...
Upcoming SlideShare
Loading in …5
×

Optimizing clam av for gpu 02

730 views
674 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
730
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Optimizing clam av for gpu 02

  1. 1. Researcher : Chatsiri Ratana Master’s degree in computer engineering. Optimizing Clam-Antivirus for GPUKasetsart University, Faculty of Computer Engineering.
  2. 2. Agenda• Introduction • What Clam Antivirus & GPU? • Why optimized Clam Antivirus for GPU?• Related Work • Understanding antivirus • Kindling of String Matching Algorithms for support Clam Antivirus.• Hybrid Parallel Signature Scanning methods. • Kindling optimized for supporting GPU
  3. 3. What Clam Antivirus & GPU? • Clam AntiVirus( Clam AV) • Antivirus signature database. • Signature types are hexadecimal ,MD5 and regular expression signatures by third of major types for scanning. • Available with e-mail proxies and file servers. • ClamAV uses an optimized version of the Boyer-Moore and Aho-Corasick • Bayer-Moore algorithm to detect non-polymorphic viruses using simple fixed string signature. • Aho-Corasick algorithm to detect polymorphic viruses. • GPU( Graphics Processing Unit ) • Flexible stream processors operating on SIMD( Single Instruction Multiple Data). • Specialized for computationally-intensive and highly parallel operation. • Fast shared memory is managed explicitly by the programmer among thread block.
  4. 4. Why optimized Clam Antivirus for GPU? • ClamAV using string matching concepts. • Boyer-Moore • Aho-Corasick • GPU( Graphics Processing Unit ) • Supporting Parallel operations(CUDA, OpenCL). • Higher data transfer bandwidth. • Supporting Library programming. • Multiprocessor consists in eight stream processors, operating on a SIMD fashion. • Why use GPU instead CPU?
  5. 5. Understanding antivirus• Signature Bases • Type of signature base • Hexadecimal • MD5 • Regular expression.• Algorithms • Bayer-Moore algorithm • Aho-Corasick algorithm
  6. 6. Structure of Clam AV Filtering VerificationFile File Buffer Offset Verification Module GPU Full viruses Signature
  7. 7. Kindling of String Matching Algorithms forsupport Clam Antivirus.• Algorithms • Bayer-Moore algorithm • Aho-Corasick algorithm
  8. 8. Bayer-Moore Algorithm - - - - A MA N - - - - - - - A N P A N MA N - - - - - - - - A N P A N MA N - - - - - - - - A N P A N MA N - - - - - - - - A N P A N MA N - - - - - - - - A N P A N MA N - - - - - - - - A N P A N MA N - - - - - - - - A N P A N MA N Bayer-Moore Algorithm, wikipeida.org
  9. 9. Aho-Corasick Algorithm Trojan.KU.MrDir.B = 40 6d 64 20 25 72 61 6e 64 6f 6d 25 ?? ?? 67 6f 6f 1st stage X X 2nd stage 40 6d 64 20 25 72 61 6e 64 6f 6d 25 ?? ?? 67 6f 6f
  10. 10. Hybrid Parallel Signature Scanningmethods.• Kindling optimized for supporting GPU. • Algorithms of String matching concept. • Hybrid Parallel Signature Scanning. • Memory • GPU Memory management. • I/O • Optimized Hybrid Parallel Signature Scanning for I/O bound.

×