Date of Award
9-10-2010
Document Type
Thesis
Degree Name
Master of Science
Department
Department of Electrical and Computer Engineering
First Advisor
Barry E. Mullins, PhD
Abstract
Real-time malware analysis requires processing large amounts of data storage to look for suspicious files. This is a time consuming process that (requires a large amount of processing power) often affecting other applications running on a personal computer. This research investigates the viability of using Graphic Processing Units (GPUs), present in many personal computers, to distribute the workload normally processed by the standard Central Processing Unit (CPU). Three experiments are conducted using an industry standard GPU, the NVIDIA GeForce 9500 GT card. The goal of the first experiment is to find the optimal number of threads per block for calculating MD5 file hash. The goal of the second experiment is to find the optimal number of threads per block for searching an MD5 hash database for matches. In the third experiment, the size of the executable, executable type (benign or malicious), and processing hardware are varied in a full factorial experimental design. The experiment records if the file is benign or malicious and measure the time required to identify the executable. This information can be used to analyze the performance of GPU hardware against CPU hardware. Experimental results show that a GPU can calculate a MD5 signature hash and scan a database of malicious signatures 82% faster than a CPU for files between 0 96 kB. If the file size is increased to 97 - 192 kB the GPU is 85% faster than the CPU. This demonstrates that the GPU can provide a greater performance increase over a CPU. These results could help achieve faster anti-malware products, faster network intrusion detection system response times, and faster firewall applications.
AFIT Designator
AFIT-GCO-ENG-10-12
DTIC Accession Number
ADA529467
Recommended Citation
Kovach, Nicholas S., "Accelerating Malware Detection via a Graphics Processing Unit" (2010). Theses and Dissertations. 1989.
https://scholar.afit.edu/etd/1989
Comments
Nicholas Kovach is a 2019 recipient of AFIT's Young Alumni Award, established to recognize alumni who have made outstanding contributions in their career within 10 years of graduating from AFIT. The award recognizes the exceptional professional accomplishments in their professional life, community affairs, and support of the advancement and continued excellence of AFIT.