Bonfring International Journal of Man Machine Interface
Online ISSN: 2277-5064 | Print ISSN: 2250-1061 | Frequency: 4 Issues/Year
Impact Factor: 0.325 | International Scientific Indexing(ISI) calculate based on International Citation Report(ICR)
A Scalable High-Performance Virus Detection Processor for Embedded Network Security
S. Krishnadevi and K. Thilagavathi
Abstract:
Network security applications generally require the ability to perform powerful pattern matching to protect against attacks such as viruses and spam. Traditional hard-ware solutions are intended for firewall routers. However, the solutions in the literature for firewalls are not scalable, and they do not address the difficulty of an antivirus with an ever-larger pattern set. Related works have focused on algorithms and have even developed specialized circuits to increase the scanning speed. However, these works have not considered the interactions between algorithms and memory hierarchy. Because the number of attacks is increasing, pattern-matching processors require external memory to support an unlimited pattern set. This method makes the memory system the bottleneck. However, when the pattern set is already intractably large, a perfect solution is unattainable. The main goal is to provide high performance in most cases while still performing reasonably well in the worst case. With an eye toward high performance, updatability, unlimited pattern sets and low memory requirements, a two-phase architecture is introduced so that it uses off-chip memory to support a large pattern set. The goal of this project is to provide a systematic virus detection hardware solution for network security for embedded systems. Instead of placing entire matching patterns on a chip, a new solution is to provide a two-phase dictionary-based antivirus processor that works by condensing as much of the important filtering information as possible onto a chip and infrequently accessing off-chip data to make the matching mechanism scalable to large pattern sets. In the first stage, the filtering engine can filter out more than 93.1% of data as safe, using a merged shift table. Only 6.9% or less of potentially unsafe data must be precisely checked in the second stage by the exact-matching engine from off-chip memory. To reduce the impact of the memory gap, three enhancement algorithms are proposed to improve performance: 1) a skipping algorithm; 2) a cache method; and 3) a pre fetching mechanism.
Keywords: Algorithmic Attacks, Embedded System, Memory Gap, Network Security, Virus Detection.
Volume: 2 | Issue: Special Issue on Communication Technology Interventions for Rural and Social Development
Pages: 30-35
Issue Date: February , 2012
|