Hardware Software Codesign for High-speed Signature-based Virus Scanning

Authors: Ying-Dar Lin (National Chiao Tung University, Hsinchu); Po-Ching Lin; Yuan-Cheng Lai; Tai-Ying Liu

Offloading signature matching to a hardware engine is a trend in high-speed network content security applications. Most existing research reports only the high throughput achieved by the hardware engine, but it is also important to study the reasons behind the gap between the throughput of an integrated system and that of the hardware engine alone. We examine this issue by offloading virus scanning in ClamAV to a hardware engine, BFAST*. Although the ideal throughput is 8.79 Gbps in the hardware simulation, the bus clock and launching scanning for each batch of data degrade the throughput to 3.01 Gbps, even if the DMA were infinitely fast and the data were already in the DMA buffer. The DMA speed in our platform is also a bottleneck, further degrading the throughput to 912.7 Mbps. The overall throughput of the system is only 151 Mbps, due to copying data from the user space into the DMA buffer. Transferring data from the user space into BFAST* takes about 90% of the total time. From these observations, we can tell how much the performance can be improved in each execution stage if a solution is devised, e.g., a faster DMA or kernel-level scanning.

Published in: Micro, IEEE (Volume: PP, Issue: 99)