18-06-2013, 02:04 PM
A Hybrid Algorithm of Backward Hashing and Automaton Tracking for Virus Scanning
A Hybrid Algorithm.pptx (Size: 2.44 MB / Downloads: 26)
Introduction
SCANNING the content on network or storage devices for viruses involves computationally intensive string matching against a set of virus patterns. Although designing an efficient method for high speed content inspection has sparked a number of innovations in research lately, most of them look to hardware approaches that offload string matching to a specialized hardware engine ,especially for Snort-style intrusion detection however, as many antivirus applications run on a software environment deploying a hardware accelerator is costly and inflexible. Compared with intrusion detection, antivirus applications used to be relatively inconspicuous as a target to be accelerated. Therefore, we believe a scalable and fast string matching algorithm and its efficient software implementation are still desired for antivirus scanning. Software implementation of string matching algorithms faces new challenges. Malware writers want to escape detection by antivirus programs. They frequently use obfuscation techniques, such as packing malware programs with packers , to generate a number of variants of a malware program. Due to this tendency, virus signatures increase very fast and should be updated frequently. Antivirus applications, therefore, have much more patterns than Snort, which has only thousands of patterns. A common class of string matching methods, such as the Aho- Corasick (AC) algorithm, tracks a finite automaton constructed from the set of patterns. The tracking reads only one character in the text per iteration, but this approach does not well leverage the capability of modern processor architectures, which can read 4 bytes or more in the operands of an instruction. Although some can track multiple characters per iteration for high performance, the parallelism from hardware assistance , software
implementation does not have the blessing from the hardware parallelism. Moreover, the data structure of the automaton contains the transitions from each state and the
Scope Of The Project
In this project we are going to improve the scanning process of Antivirus software. In that we are reduce the verification frequency and exploit long shift distance by backward hashing in the search window . This leads the scanning the virus is fast.
EXISTING SYSTEM
In existing system scanning involves intensive string matching against a set of virus patterns. Many antivirus applications run on a software environment (e.g., a commodity computer), deploying a hardware accelerator is costly and inflexible.
Therefore, we believe a scalable and fast string matching algorithm and its efficient software implementation are still desired for antivirus scanning. A large set of patterns demand large memory space to store them, so a compact data structure to improve cache locality is critical.
DRAWBACK IN EXISTING SYSTEM
Many of them rely on hardware assistance for fast tracking, but their software implementation is sequential and much slower.
Tthe number of patterns in antivirus applications is much larger than that in intrusion detection.