antivirus engine
play

Antivirus Engine Giorgos Vasiliadis and Sotiris Ioannidis - PowerPoint PPT Presentation

Aug 30, 2023 •275 likes •563 views

GrAVity: A Massively Parallel Antivirus Engine Giorgos Vasiliadis and Sotiris Ioannidis FORTH-ICS, Greece RAID10, 15 September 2010 Overview Increase the processing throughput of virus scanning applications, using the Graphics

  1. GrAVity: A Massively Parallel Antivirus Engine Giorgos Vasiliadis and Sotiris Ioannidis FORTH-ICS, Greece RAID’10, 15 September 2010

  2. Overview • Increase the processing throughput of virus scanning applications, using the Graphics Processing Unit (GPU)

  3. Outline • Introduction • Architecture • Performance evaluation • Conclusions

  4. Motivation • Antivirus software is running on e-mail servers, gateway proxies, user desktops – Require significant computational resources • Graphics cards – Easy to program – Powerful and ubiquitous • Why not use GPUs to speed-up virus scanning operations?

  5. CPU vs GPU • The GPU is specialized for compute-intensive, highly parallel computation – More transistors are devoted to data processing rather than data caching and flow control

  6. Anti-Virus Databases • Contain thousands of signatures • ClamAV contains more than 60K signatures, with length varying from 4 to 392 bytes – Significant longer than NIDS > 80% > 90%

  7. Virus Scanning in ClamAV Filtering Verification Files Module Module • ClamAV uses a small part from each signature for a first-pass filtering • Every potential match is processed by the verification module

  8. Virus Scanning in ClamAV Filtering Verification Files Module Module • Usually, the majority of data do not contain any virus  Only a small number of file segments pass to the verification module

  9. Our Approach: GPU Offloading Filtering Verification Files Module Module

  10. GRAVITY DESIGN

  11. Basic Design • Three-stage pipeline GPU Verification Files Module

  12. Files Journey (1/5) • File scanning example GPU File contents are buffered back-to-back Verification Files Module

  13. Files Journey (2/5) • File scanning example 1. File contents Verification Files Module

  14. Files Journey (3/5) • File scanning example GPU filters out clean segments 1. File contents Verification Files Module

  15. Files Journey (4/5) • File scanning example GPU 1. File contents 2. Matched offsets Verification Files Module

  16. Files Journey (5/5) • File scanning example GPU Verify matches and report 1. File contents 2. Matched offsets Verification Files Module Full Virus Signatures

  17. GPU IMPLEMENTATION

  18. Prefix Filtering • Take the first n bytes from each signature – e.g. Worm.SQL.Slammer.A:0:*: 4e65742d576f726d2e57696e33322e536c616d6d65725554 • Compile all n -bytes sub-signatures into a single Scanning Trie • The Scanning Trie can quickly filter clean data segments in linear time.

  19. Scanning Trie • GrAVity: Variable trie height 4 patterns (avg) per 14 -char prefix

  20. Virus Scanning on the GPU • Each thread operate on different data – May overlap for spanning patterns, but … – … no communication/synchronization costs. – Highly scalable (million threads can run in parallel)

  21. Memory Management Optimizations • Exploit texture cache, to achieve better reading throughput 4 cycles Cache DRAM 700 cycles • Cache misses are hidden by running a large number of threads in parallel Cache Cache miss miss thread thread switch switch

  22. PERFORMANCE EVALUATION

  23. GrAVity vs ClamAV 12x 100x  Up to 20 Gbps end-to-end performance

  24. Execution Time Breakdown • CPU time results in 20% of the total execution time, with a prefix length equal to 14 • Increasing the prefix length, results in less matches

  25. Raw Computational Throughput • With 8M threads, the GPU achieves 42Gbits/s throughput

  26. Scaling factor • Fast evolution

  27. Conclusions • Virus scanning on the GPU is practical and fast! • Over 20 Gbit/s throughput – Suitable for network-based virus scanning • Future work includes – Adapt memory-efficient algorithms (XFA, D 2 FA) – Multiple GPUs

  28. GrAVity: A Massively Parallel Antivirus Engine thank you! Giorgos Vasiliadis, gvasil@ics.forth.gr Sotiris Ioannidis, sotiris@ics.forth.gr

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AI in Antivirus What AI do in your antivirus Who I am? Arcangelo Saracino Student of Computer

AI in Antivirus What AI do in your antivirus Who I am? Arcangelo Saracino Student of Computer

AI in Antivirus What AI do in your antivirus Who I am? Arcangelo Saracino Student of Computer Science at Uniba Three years of experience in web development Cybersecurity and Linux appassionate Mail: saracinoarcangelo@gmail.com Outline

363 views • 18 slides
Why Antivirus Software whoami IT-Security Consultant Doing pentesting since two years

Why Antivirus Software whoami IT-Security Consultant Doing pentesting since two years

Why Antivirus Software whoami IT-Security Consultant Doing pentesting since two years This talk is based on private research Before that experience as windows/linux/network admin, a little as web developer and so on...

1.06k views • 49 slides
Search Engine Optimization What is Search Engine Optimization Search Engine Optimization is the

Search Engine Optimization What is Search Engine Optimization Search Engine Optimization is the

Search Engine Optimization What is Search Engine Optimization Search Engine Optimization is the process of improving the visibility of a website on organic ("natural" or un-paid) search engine result pages (SERPs), by incorporating

1.54k views • 35 slides
Conce Concept of pt of T TAP(T AP(Tar arge geted ted Antivir Antivirus us Pr Prop ophy

Conce Concept of pt of T TAP(T AP(Tar arge geted ted Antivir Antivirus us Pr Prop ophy

Conce Concept of pt of T TAP(T AP(Tar arge geted ted Antivir Antivirus us Pr Prop ophy hylax laxis) is) Drug dis istr tributions an and re remote te con onsulta tation jus just t before th the ou outb tbreak Isao

669 views • 7 slides
Using Mimikatz driver to unhook antivirus on Windows Supervisor: Cedric van Bockhaven Bram

Using Mimikatz driver to unhook antivirus on Windows Supervisor: Cedric van Bockhaven Bram

Using Mimikatz driver to unhook antivirus on Windows Supervisor: Cedric van Bockhaven Bram Blaauwendraad & Thomas Ouddeken Mimikatz Post exploitation tool created by Benjamin Delpy Administrative privileges required Used to extract

355 views • 20 slides
A Close Look at Rogue Antivirus Programs Alain Zidouemba About the VRT Mission: Provide

A Close Look at Rogue Antivirus Programs Alain Zidouemba About the VRT Mission: Provide

A Close Look at Rogue Antivirus Programs Alain Zidouemba About the VRT Mission: Provide intelligence and protection to allow our customers to focus on their core business Responsibilities Threat Intelligence and monitoring

873 views • 51 slides
How to do it Wrong: Smartphone Antivirus and Security Applications Under Fire Stephan Huber,

How to do it Wrong: Smartphone Antivirus and Security Applications Under Fire Stephan Huber,

How to do it Wrong: Smartphone Antivirus and Security Applications Under Fire Stephan Huber, Siegfried Rasthofer, Steven Arzt, Michael Trger, Andreas Wittmann, Philipp Roskosch, Daniel Magin 1 Who are we Stephan Siegfried Mobile

751 views • 50 slides
AV-Meter: An Evaluation of Antivirus Scans and Labels Omar Alrawi (Qatar Computing Research

AV-Meter: An Evaluation of Antivirus Scans and Labels Omar Alrawi (Qatar Computing Research

AV-Meter: An Evaluation of Antivirus Scans and Labels Omar Alrawi (Qatar Computing Research Institute) Joint with Aziz Mohaisen (VeriSign Labs) Overview Introduction to problem Evaluation metrics Dataset gathering and use

651 views • 22 slides
1 Mapping Relational Data Model Patterns To The App Engine Datastore Max Ross November 19,

1 Mapping Relational Data Model Patterns To The App Engine Datastore Max Ross November 19,

1 Mapping Relational Data Model Patterns To The App Engine Datastore Max Ross November 19, 2009 1 Agenda App Engine Datastore Basics Soft Schemas Moving To App Engine Leaving App Engine Questions 2 2 3 The App Engine

945 views • 41 slides
antivirus systems Intruducion Attila Marosi OSCE, OSCP, ECSA, CEH IT security expert at

antivirus systems Intruducion Attila Marosi OSCE, OSCP, ECSA, CEH IT security expert at

Easy ways to bypass antivirus systems Intruducion Attila Marosi OSCE, OSCP, ECSA, CEH IT security expert at GovCERT-Hungary (SSNS) Email: attila.marosi@gmail.com Web: http://marosi.hu Twitter: @0xmaro Why? All of us use

285 views • 16 slides
Whats New in Engine Research Whats New in Engine Research Mark Musculus Engine Combustion

Whats New in Engine Research Whats New in Engine Research Mark Musculus Engine Combustion

Whats New in Engine Research Whats New in Engine Research Mark Musculus Engine Combustion Department Combustion Research Facility Sandia National Laboratories, Livermore, Ca Funded by U.S. Department of Energy Program Managers: Gurpreet

682 views • 17 slides
Google App Engine Guido van Rossum Stanford EE380 Colloquium, Nov 5, 2008 Google App Engine

Google App Engine Guido van Rossum Stanford EE380 Colloquium, Nov 5, 2008 Google App Engine

Google App Engine Guido van Rossum Stanford EE380 Colloquium, Nov 5, 2008 Google App Engine Does one thing well: running web apps Simple app configuration Scalable Secure 2 App Engine Does One Thing Well App Engine handles

538 views • 14 slides
EPA 2016 PACCAR MX-11 Engine Month XX, 20XX EPA 2016 PACCAR MX-11 Engine PRESENTERS NAME

EPA 2016 PACCAR MX-11 Engine Month XX, 20XX EPA 2016 PACCAR MX-11 Engine PRESENTERS NAME

EPA 2016 PACCAR MX-11 Engine Month XX, 20XX EPA 2016 PACCAR MX-11 Engine PRESENTERS NAME PRESENTERS POSITION TRADITION OF ENGINE INNOVATION MX, NA PX MX, EU MX 11, EU DD575 PR 1960 1970 1980 1990 2000 2010 2015 Turbo

783 views • 30 slides
Application-Level Reconnaissance: Timing Channel Attacks Against Antivirus Software Mohammed I.

Application-Level Reconnaissance: Timing Channel Attacks Against Antivirus Software Mohammed I.

Application-Level Reconnaissance: Timing Channel Attacks Against Antivirus Software Mohammed I. Al-Saleh and Jedidiah R. Crandall Server Reconnaissance OS & Services ports Client Server Client Reconnaissance Hmmm, what can I get about

705 views • 27 slides
Comparing First Generation Drama Engines What is a Drama Engine? An engine capable of

Comparing First Generation Drama Engines What is a Drama Engine? An engine capable of

Comparing First Generation Drama Engines What is a Drama Engine? An engine capable of interpreting domain language code to support interaction with dramatically interesting characters A way to creatively author character AI

552 views • 26 slides
to a Persistent Threat Jagadeesh Chandraiah DeepSec 2011 Agenda FakeAV Trends Infection

to a Persistent Threat Jagadeesh Chandraiah DeepSec 2011 Agenda FakeAV Trends Infection

Fake Antivirus- Journey from Trojan to a Persistent Threat Jagadeesh Chandraiah DeepSec 2011 Agenda FakeAV Trends Infection Vectors Packer Evolution How do they work ? DeepSec 2011 Introduction Fake AntiVirus (FakeAV) is a

794 views • 51 slides
Hor orizon izon and ex exten ende ded d therm ermodynamics odynamics of of Lo Love velo

Hor orizon izon and ex exten ende ded d therm ermodynamics odynamics of of Lo Love velo

Hor orizon izon and ex exten ende ded d therm ermodynamics odynamics of of Lo Love velo lock ck bl black ck hol oles David Kubiz k (Perimeter Institute) Pressure of all matter fields vs. Northeast Gravity Workshop 2016,

562 views • 28 slides
MIGA AND ELGAR: NEW PERSPECTIVES FOR LOW FREQUENCY GRAVITATIONAL WAVE OBSERVATION USING ATOM

MIGA AND ELGAR: NEW PERSPECTIVES FOR LOW FREQUENCY GRAVITATIONAL WAVE OBSERVATION USING ATOM

MIGA AND ELGAR: NEW PERSPECTIVES FOR LOW FREQUENCY GRAVITATIONAL WAVE OBSERVATION USING ATOM INTERFEROMETRY MIGA, GDR Ondes Gravitationnelles, 20/06/2018 1 MIGA Project A new large instrument combining matter- wave and laser interferometry

604 views • 36 slides
Work MCV4U: Calculus & Vectors Work is when a force is applied to an object, causing it to

Work MCV4U: Calculus & Vectors Work is when a force is applied to an object, causing it to

a l g e b r a i c v e c t o r s a l g e b r a i c v e c t o r s Work MCV4U: Calculus & Vectors Work is when a force is applied to an object, causing it to move. It is defined as the the product of the objects displacement and the

810 views • 3 slides
Atomism and Relationalism as guiding principles for Quantum Gravity Francesca Vidotto !

Atomism and Relationalism as guiding principles for Quantum Gravity Francesca Vidotto !

Atomism and Relationalism as guiding principles for Quantum Gravity Francesca Vidotto ! Frontiers of Fundamental Physics (FFP14) Marseille July 16th, 2013 CONTENT OF THE TALK RELATIONALISM ! ONTOLOGY: Structural Spacetime

415 views • 24 slides
Math 211 Math 211 Lecture #3 September 5, 2000 2 Models of Motion Models of Motion History

Math 211 Math 211 Lecture #3 September 5, 2000 2 Models of Motion Models of Motion History

1 Math 211 Math 211 Lecture #3 September 5, 2000 2 Models of Motion Models of Motion History of models of planetary motion Babylonians - 3000 years ago Initiated the systematic study of astronomy. 3 Greeks Greeks Descriptive

547 views • 8 slides
The Quest for Gravitational Waves 26/2/2016 B.A. Boom & L. van der Schaaf - Nikhef

The Quest for Gravitational Waves 26/2/2016 B.A. Boom & L. van der Schaaf - Nikhef

The Quest for Gravitational Waves 26/2/2016 B.A. Boom & L. van der Schaaf - Nikhef Observation of Gravitational Waves from a Binary Black Hole Merger Finally we know we work on something real B. P. Abbott et al. (LIGO Scientifc

530 views • 36 slides
4E: The Quantum Universe Lecture 34, June 2 Brian Wecht A Few Quick Announcements 1. Quiz 5 on

4E: The Quantum Universe Lecture 34, June 2 Brian Wecht A Few Quick Announcements 1. Quiz 5 on

4E: The Quantum Universe Lecture 34, June 2 Brian Wecht A Few Quick Announcements 1. Quiz 5 on Friday! Covers Ch. 7 of Tipler and Ch. 8 of Serway 2. You may bring one sheet of paper (front and back) of notes for the Final Exam. We will provide

448 views • 19 slides
Gravitational Wave Astronomy 101 By David Garrison Professor of Physics University of Houston

Gravitational Wave Astronomy 101 By David Garrison Professor of Physics University of Houston

Gravitational Wave Astronomy 101 By David Garrison Professor of Physics University of Houston Clear Lake The 5 Questions The Beginning Where the Heck did all that come from? First Observatories New Technologies Putting it all together Not

788 views • 52 slides

More recommend