Amaroq_Starwind

OpenACC; GPU Compute for Malwarebytes?


Heya, MBAM Team, it's Amaroq again! Yes, that vulpine who says things. And I'm back again with yet another rapid-fire idea coming at you fast, if you catch my meaning~ 🦊

https://developer.nvidia.com/openacc

Nvidia has a thing called OpenACC which you can put into existing C++ code, and through the use of a special compiler, you can instantly get a program that has the option of running on a GPU to leverage its parallel processing capabilities, which might drastically increase performance, especially for longer scans, as many things could now be scanned in parallel, among other things, like running more complicated heuristics at breakneck speed.

Would this be a viable thing to test run? As always, let me know your opinions.

 

This is probably my second-to-last suggestion for the day, because I'm getting pretty burned out.

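
Added example, not part of the original thread and not Malwarebytes code: a minimal C sketch of the OpenACC model the first post describes, where one directive is placed on an existing loop and the same source still builds as ordinary serial code. The function names, the `MARK` byte pattern and the sample buffers are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NBUF 4     /* constructed sample: four small "files" */
#define BUFLEN 32  /* fixed-size slots keep all data in one flat array */

/* Count occurrences of pat in each of nbuf slots of data.
 * Every outer iteration is independent of the others, which is the
 * property an OpenACC compiler needs in order to offload the loop. */
void scan_buffers(const unsigned char *data, int nbuf, int buflen,
                  const unsigned char *pat, int patlen, int *hits)
{
#ifdef _OPENACC /* defined only by OpenACC-enabled compilers */
#pragma acc parallel loop copyin(data[0:nbuf*buflen], pat[0:patlen]) copyout(hits[0:nbuf])
#endif
    for (int b = 0; b < nbuf; b++) {
        int count = 0;
        for (int i = 0; i + patlen <= buflen; i++) {
            int match = 1;
            for (int k = 0; k < patlen; k++)
                if (data[b * buflen + i + k] != pat[k]) match = 0;
            count += match;
        }
        hits[b] = count;
    }
}

/* Build the constructed sample set and return the hit count for slot idx. */
int demo_hits(int idx)
{
    static const char *samples[NBUF] = {
        "clean text only", "xxMARKxx", "MARK and MARK again", ""
    };
    unsigned char data[NBUF * BUFLEN];
    int hits[NBUF];
    memset(data, 0, sizeof data);
    for (int b = 0; b < NBUF; b++)
        memcpy(data + b * BUFLEN, samples[b], strlen(samples[b]));
    scan_buffers(data, NBUF, BUFLEN, (const unsigned char *)"MARK", 4, hits);
    return hits[idx];
}

int main(void)
{
    for (int b = 0; b < NBUF; b++)
        printf("buffer %d: %d hit(s)\n", b, demo_hits(b));
    return 0;
}
```

Built with a plain C compiler the directive is skipped and the loop runs serially; an OpenACC-enabled build (for example GCC with `-fopenacc`) activates it, and the `copyin`/`copyout` clauses mark the host-to-device transfers that such a build performs around the loop.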

And I guess while one's at it, OpenMP is another option to experiment with, and any code which isn't suited to the GPU could instead be rewritten in assembly versus C++ over time, leading to more performance improvements and lower storage/memory requirements for the sections of code which do not benefit from GPU acceleration.


Greetings,

Unfortunately I doubt this could be accomplished since GPUs are very feature and API limited compared to actual CPUs, so much of what Malwarebytes does during a scan, especially with regards to thread analysis in memory and low-level file system/disk access (for scanning for rootkits etc.) probably wouldn't work properly, and even more basic functions like standard file analysis might not be possible in a GPU.

With that said, Malwarebytes is multi-threaded so it does take advantage of multi-core and multi-threaded (i.e. Hyperthreading/SMT depending on whether it's an Intel CPU or modern AMD CPU; older AMD chips don't have any kind of multi-threading capability for individual cores) so it does take advantage of more powerful CPUs and CPU capabilities.  I can also personally attest to the fact that when used to scan an SSD, and especially an NVMe PCIExpress SSD, it scans very fast, completing a Threat scan in a matter of seconds (currently around 40 seconds or so on my own system).

Technologies like the compute capabilities built into modern GPUs are more for projects and software that use too many resources/are too large to be handled by a single system/CPU, like massive machine learning data sets and databases and large scale data simulations like physics simulations and other scientific endeavors.  A malware scan by comparison is a very simple task and doesn't require the kinds of resources that scalable solutions like GPU compute were designed to tackle.

Edited by exile360


I have no idea as I'm not a Developer, I just know that the functions and APIs used for scanning and file analysis in Windows are very different from the machine learning/AI models and other functions used in the scientific projects managed by OpenACC.  It's not something that was designed for AVs on a single system scale, though certainly for the machine learning components leveraged on the server side used by the Research team such technology would apply, but I don't know what the scale of their work and data set are there, so it would depend on that.  The whole point of technology like GPU compute is to make massive workloads that are too large for a single CPU/system scale vertically so that you can apply multiple specialized processors (the GPUs) to those large data sets and workloads to substitute a setup with many PCIExpress GPUs for a massive set of systems/servers as it's more cost effective and GPUs are better at working with certain types of operations/functions and calculations, but that technology doesn't work for every type of workload because of the limits to the capabilities of GPUs compared to x86/x64 CPUs.

This is actually a subject I've been learning a lot about lately as I've always been into hardware and over recent years the whole mining thing with GPUs, the emergence of big data and various machine learning models and the specialization of AMD/ATI and NVIDIA in the compute side of things have brought these technologies more into the mainstream so I read and hear about them a lot.

It's just that when all you have is a single system of files to analyze by an engine designed to function in a single CPU environment using standard APIs and protocols, it doesn't translate well to the kind of specialized work and more massive data sets that GPU scaling was designed for.  Basically it's not the kind of workload that this technology was designed to help with if that makes sense.  But again, on the cloud side where the Research team is analyzing massive sets of data from users and resources like VirusTotal for classifying known and unknown files as threats or clean using machine learning algorithms it absolutely makes sense, and they may well be using such a solution for that work (I don't know as I'm obviously not on the Dev/Research team).


By the way, while not related to this precisely, it is still pretty cool as it has to do with cloud and systems management, I thought you might find this interesting.  They are leveraging Amazon Alexa Home to provide access to cloud data from the managed business product for those customers.


Just an update to my idea; GPU acceleration might also be helpful with Multi-Engine scanning (such as what OPSWAT does), not just Multi-Volume scanning, and could probably also help with other more-aggressive protection measures that would otherwise hog CPU resources. Nvidia's Turing GPUs in particular could be handy with their Tensor cores, as it would provide a considerable boost to machine learning, and there's also the idea of using GPU memory for operations. I especially think that the Titan RTX (and any Tesla/Quadro cards with NVLink) could be especially useful for resource-hungry operations.


Yep, that's true, and they likely are already leveraging such technologies on the server side of things, however in Windows for consumers (and even business users) I don't think such coding would do much to benefit those users, especially since anyone running a GPU that powerful is likely to have a fast multi-core/multi-threaded CPU which is well up to the task of handling scans and such for Malwarebytes' products (which are already fully optimized to take advantage of multiple cores and multi-threading (Hyperthreading and SMT for Intel and AMD respectively)).

Also, as a laptop user with a high-end system, I really wouldn't want any application to start bombing my GPU with unnecessary load without my permission as that could easily lead to thermal issues as well as performance problems, not to mention the massive hit to battery life when not tethered to an outlet (which is admittedly pretty rare for me as I use my laptop as a stationary workstation, but for normal people it could really piss them off; just look at all the outrage that came when sites started using idle CPU and GPU resources to mine Bitcoin and the like for cases where users were running ad blockers; people freaked out so much that Malwarebytes and other security vendors started blocking the mining servers automatically to prevent it).


Well... I recently found out that OpenACC also runs on the integrated graphics on Intel CPUs and AMD APUs, and is compatible with conventional C language. Rad!

Unfortunately, I am still not sure if MS Visual Studio can be made into an OpenACC compatible compiler or not (I mean, maybe it can through plug-ins?), or if OpenACC can run on ARM64. Additionally, it also seems like the demand for Malwarebytes on OpenACC is still extremely low, and thus there is a negligible probability that it will happen any time soon...

