Anti-malware scanning in parallel processors of a graphics processing unit

US 8,392,989 B2
Filed: 10/06/2009
Issued: 03/05/2013
Est. Priority Date: 10/06/2009
Status: Active Grant

First Claim

Patent Images

1. A method of anti-malware scanning comprising:

providing, in a computing system including a central processor, a multimedia processor comprising a plurality of processors to operate in parallel with one another;

fetching data to be scanned for malware from a non-volatile storage of the computing system one sector at a time in a sequential order;

dividing a sector to enable fetching the data to be scanned for malware from the non-volatile storage of the computing system to correspond to a pre-allocated location thereof in a memory of the computing system;

copying the data to be scanned for malware into a cache memory of the multimedia processor through loading a chunk thereof in one instruction cycle, the chunk of the data corresponding to a maximum capacity of the memory of the computing system;

instructing, through the central processor, the multimedia processor to scan the data for malware therethrough; and

executing, through the multimedia processor in the same one instruction cycle, an anti-malware algorithm capable of both scanning the data for at least one known malware based on at least one known malware signature stored in the cache memory of the multimedia processor and updating the cache memory with a signature of a new malware based on detection thereof during the scanning of the data using the multimedia processor in accordance with the instruction through the central processor to free the central processor for a non-anti-malware related task.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of anti-malware scanning includes providing, in a computing system including a central processor, a multimedia processor including a number of processors to operate in parallel with one another. The anti-malware scanning further includes executing an anti-malware algorithm using the multimedia processor to free the central processor for a non-anti-malware related task.

23 Citations

View as Search Results

20 Claims

1. A method of anti-malware scanning comprising:
- providing, in a computing system including a central processor, a multimedia processor comprising a plurality of processors to operate in parallel with one another;
  
  fetching data to be scanned for malware from a non-volatile storage of the computing system one sector at a time in a sequential order;
  
  dividing a sector to enable fetching the data to be scanned for malware from the non-volatile storage of the computing system to correspond to a pre-allocated location thereof in a memory of the computing system;
  
  copying the data to be scanned for malware into a cache memory of the multimedia processor through loading a chunk thereof in one instruction cycle, the chunk of the data corresponding to a maximum capacity of the memory of the computing system;
  
  instructing, through the central processor, the multimedia processor to scan the data for malware therethrough; and
  
  executing, through the multimedia processor in the same one instruction cycle, an anti-malware algorithm capable of both scanning the data for at least one known malware based on at least one known malware signature stored in the cache memory of the multimedia processor and updating the cache memory with a signature of a new malware based on detection thereof during the scanning of the data using the multimedia processor in accordance with the instruction through the central processor to free the central processor for a non-anti-malware related task.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - fetching an instruction from the memory of the computing system using the central processor prior to executing the anti-malware algorithm using the multimedia processor; and
      
      writing a result of the execution of the anti-malware algorithm using the central processor to one of the memory of the computing system and a device external to the computing system.
  - 3. The method of claim 1, comprising executing the anti-malware algorithm using the multimedia processor based on at least one of a signature based detection technique, a malicious activity detection technique, and a heuristic based detection technique.
  - 4. The method of claim 1, comprising providing a plurality of Single Instruction Multiple Data (SIMD) processors as the plurality of processors.
  - 5. The method of claim 1, comprising controlling fetching of the data from the non-volatile storage of the computing system using the multimedia processor.
  - 6. The method of claim 1, wherein the central processor of the computing system is a Central Processing Unit (CPU), and the multimedia processor of the computing system is a Graphics Processing Unit (GPU).
  - 7. The method of claim 1, comprising executing the anti-malware algorithm to protect the computing system against at least one of a computer virus, a trojan, a malicious e-mail content, a phishing attack, a worm, an unwanted application, a rootkit, and a spyware.
  - 8. The method of claim 1, further comprising clustering the computing system with another computing system also comprising a multimedia processor.
  - 9. The method of claim 1, wherein an operating frequency of the multimedia processor is less than that of the central processor.
  - 10. The method of claim 1, wherein the memory of the computing system is a volatile memory.

11. A method of anti-malware scanning comprising:
- providing, in a computing system including a central processor, a multimedia processor comprising a plurality of processors to operate in parallel with one another;
  
  storing at least one known malware signature in a cache memory of the multimedia processor;
  
  fetching data to be scanned for malware from a non-volatile storage of the computing system one sector at a time in a sequential order;
  
  dividing a sector to enable fetching the data to be scanned for malware from the non-volatile storage of the computing system to correspond to a pre-allocated location thereof in a memory of the computing system;
  
  loading, using the central processor, a chunk of data of the data to be scanned for malware corresponding to a maximum capacity of the memory of the computing system in a single instruction cycle into the cache memory to be processed in parallel by the multimedia processor; and
  
  in response to an instruction from the central processor, providing a capability to the multimedia processor to both;
  
  scan the chunk of data for at least one known malware based on the stored at least one known malware signature; and
  
  update the cache memory with a signature of a new malware based on detection thereof during scanning the chunk of datain the same single instruction cycle.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, comprising controlling fetching of the data from the non-volatile storage of the computing system using the multimedia processor.
  - 13. The method of claim 11, wherein the chunk of data corresponding to the maximum capacity of the memory of the computing system includes a plurality of files stored in the non-volatile storage of the computing system.
  - 14. The method of claim 11, wherein the central processor of the computing system is a multi-core processor.
  - 15. The method of claim 11, comprising scanning the chunk of data for at least one of a computer virus, a trojan, a malicious e-mail content, a worm, a phishing attack, an unwanted application, a rootkit, and a spyware.

16. A computing system comprising:
- a central processor; and
  
  a multimedia processor comprising;
  
  a plurality of processors to operate in parallel with one another; and
  
  a cache memory communicatively coupled to the plurality of processors, the cache memory including at least one known malware signature stored therein, the multimedia processor being configured to control fetching of data to be scanned for malware from a non-volatile storage of the computing system one sector at a time in a sequential order, and dividing a sector to enable fetching the data to be scanned for malware from the non-volatile storage of the computing system to correspond to a pre-allocated location thereof in a memory of the computing system, the central processor being configured to instruct the multimedia processor to scan the data for malware therethrough, and the multimedia processor, in accordance with the instruction, further being configured to copy the data into the cache memory thereof based on loading a chunk of the data corresponding to a maximum capacity of the memory of the computing system in one instruction cycle and to execute an anti-malware algorithm capable of both scanning the data for at least one known malware based on the at least one known malware signature stored in the cache memory and updating the cache memory with a signature of a new malware based on detection thereof during the scanning of the data in the same one instruction cycle to free the central processor for a non-anti-malware related task.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computing system of claim 16, wherein the anti-malware algorithm utilizes data comprising a plurality of files stored in the non-volatile storage of the computing system.
  - 18. The computing system of claim 16, wherein the computing system is a part of a computer cluster including at least one other computing system.
  - 19. The computing system of claim 16, wherein the central processor is configured to load the data corresponding to a maximum capacity of the memory of the computing system to be processed in parallel by the multimedia processor for the malware related scanning.
  - 20. The computing system of claim 16, wherein the multimedia processor is used to control a data write process of writing a result of the execution of the anti-malware algorithm to the memory of the computing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NVIDIA Corporation
Original Assignee
NVIDIA Corporation
Inventors
Upadhyay, Janardan
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Okeke, Izunna

Application Number

US12/573,886
Publication Number

US 20110083184A1
Time in Patent Office

1,246 Days
Field of Search

None
US Class Current

726/22
CPC Class Codes

G06F 21/564 by virus signature recognition

H04L 63/145 the attack involving the pr...

Anti-malware scanning in parallel processors of a graphics processing unit

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Anti-malware scanning in parallel processors of a graphics processing unit

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links