Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hunting Malware With GPUs and FPGAs (hackaday.com)

Posted by timothy on from the taking-a-magnet-to-the-haystack dept.

szczys writes: Rick Wesson has been working on a solution to identify the same piece of malware that has been altered through polymorphism (a common method of escaping detection). While the bits are scrambled from one example to the next, he has found that using a space filling curve makes it easy to cluster together polymorphically similar malware samples. Forming the fingerprint using these curves is computationally expensive. This is an Internet-scale problem which means he currently needs to inspect 300,000 new samples a day. Switching to a GPU to do the calculation proved four orders of magnitude efficiency over CPUs to reach about 200,000 samples a day. Rick has begun testing FPGA processing, aiming at a goal of processing 10 million samples in four hours using a machine drawing 4000 Watts.

3 of 44 comments (clear)

  1. 4KW by sims+2 · · Score: 2

    Wow how are you powering this thing a dryer plug?
    Multiple PSUs?

    That's a heck of a lot of power for a single machine.

    --
    Minimum threshold fixed. Thanks!
  2. Re:Acronyms... by Anonymous Coward · · Score: 4, Informative

    Graphics Processing Unit.

    It's more or less a CPU with more cores and less functionality per core. There are typically a few instructions you would otherwise expect form a DSP like saturated addition.

  3. Something doesn't add up again by wwalker · · Score: 2

    Switching to a GPU to do the calculation proved four orders of magnitude efficiency over CPUs to reach about 200,000 samples a day.

    4 orders of magnitude?! Was he processing 20 samples a day before? What kind of CPU was he using? 8088?