
GrAVity: a massively parallel antivirus engine

Giorgos Vasiliadis, Sotiris Ioannidis
Institute of Computer Science, Foundation for Research and Technology – Hellas, N. Plastira 100, Vassilika Vouton, GR-700 13 Heraklion, Crete, Greece
Recent Advances in Intrusion Detection, Lecture Notes in Computer Science, Volume 6307/2010, 79-96

@inproceedings{vasiliadis2011gravity,
   title={GrAVity: a massively parallel antivirus engine},
   author={Vasiliadis, G. and Ioannidis, S.},
   booktitle={Recent Advances in Intrusion Detection},
   pages={79–96},
   year={2010},
   organization={Springer}
}


In the ongoing arms race against malware, antivirus software is at the forefront, as one of the most important defense tools in our arsenal. Antivirus software is flexible enough to be deployed anywhere from regular users' desktops to corporate e-mail proxies and file servers. Unfortunately, the signatures necessary to detect incoming malware number in the tens of thousands. To make matters worse, antivirus signatures are a lot longer than signatures in network intrusion detection systems. This leads to extremely high computation costs for matching suspicious data against those signatures. In this paper, we present GrAVity, a massively parallel antivirus engine. Our engine utilizes the compute power of modern graphics processors, which contain hundreds of hardware microprocessors. We have modified ClamAV, the most popular open source antivirus software, to utilize our engine. Our prototype implementation has achieved end-to-end throughput in the order of 20 Gbits/s, 100 times the performance of the CPU-only ClamAV, while almost completely offloading the CPU, leaving it free to complete other tasks. Our micro-benchmarks have measured our engine to be able to sustain throughput in the order of 40 Gbits/s. The results suggest that modern graphics cards can be used effectively to perform heavy-duty anti-malware operations at speeds that cannot be matched by traditional CPU-based techniques.

HGPU group © 2010-2017 hgpu.org

All rights belong to the respective authors
