Issue No. 01 - Jan.-June (2018 vol. 17)
Yue Zha , Electrical and Computer Engineering, University of Wisconsin, Madison, WI
Jing Li , Electrical and Computer Engineering, University of Wisconsin, Madison, WI
The rapid growth in network bandwidth and the ever more sophisticated network attack techniques pose challenges to current network intrusion detection systems (NIDS). While software-based solutions are incapable of performing wire-speed network traffic monitoring, many hardware-based pattern matching solutions also suffer from capacity limitation and high power consumption. To effectively address these challenges, we propose a reconfigurable complex matching accelerator (CMA) enabled by the emerging nonvolatile memory technology (resistive random access memory) to speed up intrusion detection systems with better energy efficiency. Beyond common equality matching in current NIDS, CMA can be configured to provide a comprehensive set of arithmetic matching functions (e.g., less than), resulting in improved utilization and higher energy efficiency. We evaluate CMA using real-world network security benchmarks. On average, it achieves 84.9 percent area reduction, 97.3 percent energy consumption reduction, and 20 percent improvement in searching speed compared to the SRAM-based Ternary Content Addressable Memory (TCAM) design in state-of-the-art NIDS. It also outperforms emerging RRAM-based TCAM (2.5T1R) design in area, energy and search delay, on the set of evaluated workloads.
Computer architecture, Coprocessors, Intrusion detection, Encoding, IP networks, Ports (Computers)
Y. Zha and J. Li, "CMA: A Reconfigurable Complex Matching Accelerator for Wire-Speed Network Intrusion Detection," in IEEE Computer Architecture Letters, vol. 17, no. 1, pp. 33-36, 2018.