Designing And Implementation Of High Performance Architecture For Hardware Accelerated CLAMAV Software

Posted on: 2012-05-25  Degree: Master  Type: Thesis
Country: China  Candidate: Y Chen  Full Text: PDF
GTID: 2178330335460709  Subject: Computer Science and Technology
Abstract/Summary:
CLAMAV has been widely used in Internet security, especially in network intrusion detection systems (NIDS), where it acts as an important component for detecting viruses, worms, spyware, etc. CLAMAV is an open source (GPL) anti-virus toolkit based on signature matching. It provides a number of utilities, including a flexible and scalable multi-threaded daemon, a command line scanner, and an advanced tool for automatic database updates. The core of the package is an anti-virus engine available in the form of a shared library.

In order to satisfy the real-time performance requirements of an IDS, I chose to move part of CLAMAV's intrusion detection workflow to hardware by building a content-security detector, and designed an FPGA-based hardware-software co-design to improve CLAMAV's performance.

In this dissertation, I first analyzed CLAMAV's workflow and its performance statistics, and found that the two key challenges in this design are how to implement CLAMAV's signature matching process on an FPGA in a high-speed and reliable way, and how to solve the problem that system throughput is dramatically degraded by certain system software overheads. To solve these problems, this paper proposes a new high-performance FPGA-based hardware-software co-design approach. The approach consists of a Bloom filter based hardware engine, an analyzer, and modified CLAMAV software, and uses a High Performance Portable Accelerator Interface for SoCs (HiPPAI) to link the software side and the hardware side.

The reason for using Bloom filters in the hardware engine is that the memory used by a Bloom filter is linear only in the number of signatures stored in it and is not related to the length of any single signature. Therefore, the Bloom filter is the best solution for dealing with CLAMAV's large and growing virus signature database. This paper also analyzes the performance of the proposed co-design, and the results show that CLAMAV's performance was sped up by up to 40% with this new design.
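The memory property described above, as an added Python illustration (not code from the thesis): the filter's bit array is sized only from the signature count and a target false-positive rate, and a filter hit is confirmed by an exact lookup. The signatures are constructed samples, and the per-length window scan and the exact confirmation step are assumptions about how such a pre-filter is paired with a software check.

```python
import hashlib
import math

class BloomFilter:
    def __init__(self, n, p):
        # Size depends only on signature count n and false-positive target p.
        self.m = math.ceil(-n * math.log(p) / math.log(2) ** 2)  # bits
        self.k = max(1, round(self.m / n * math.log(2)))         # hash count
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item):
        # Double hashing: derive k bit positions from one SHA-256 digest.
        d = hashlib.sha256(item).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for pos in self._positions(item):
            self.bits[pos // 8] |= 1 << (pos % 8)

    def __contains__(self, item):
        return all(self.bits[pos // 8] >> (pos % 8) & 1
                   for pos in self._positions(item))

# Constructed sample signatures of very different lengths (not real entries).
SIGNATURES = {
    b"\xde\xad\xbe\xef": "Test.Short",
    b"constructed-sample-pattern-0001": "Test.Medium",
    b"Z" * 200: "Test.Long",
}

def build_filter(signatures, p=0.001):
    bf = BloomFilter(len(signatures), p)
    for sig in signatures:
        bf.add(sig)
    return bf

def scan(data, bf, signatures):
    """Return (offset, name) hits. The filter is the fast pre-check (the
    hardware engine's role); the dict lookup is the exact confirmation that
    discards Bloom false positives (the software side's role)."""
    lengths = sorted({len(s) for s in signatures})
    hits = []
    for i in range(len(data)):
        for n in lengths:
            window = data[i:i + n]
            if len(window) == n and window in bf and window in signatures:
                hits.append((i, signatures[window]))
    return hits
```

For three signatures at a 0.1% false-positive target the filter occupies 44 bits, whether the stored patterns are 4 bytes or 200 bytes long.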
Keywords/Search Tags: Field-programmable gate array (FPGA), Intrusion detection, Pattern-matching, Bloom filters, Intel-IOMMU, CLAMAV