research-article

Efficient Memristor-Based Architecture for Intrusion Detection and High-Speed Packet Classification

Authors:

Venkataramesh Bontupalli,

Chris Yakopcic,

Tarek M. TahaAuthors Info & Claims

ACM Journal on Emerging Technologies in Computing Systems (JETC), Volume 14, Issue 4

Article No.: 41, Pages 1 - 27

https://doi.org/10.1145/3264819

Published: 28 November 2018 Publication History

Abstract

Deep packet inspection (DPI) is a critical component to prevent intrusion detection. This requires a detailed analysis of each network packet header and body. Although this is often done on dedicated high-power servers in most networked systems, mobile systems could potentially be vulnerable to attack if utilized on an unprotected network. In this case, having DPI hardware on the mobile system would be highly beneficial. Unfortunately, DPI hardware is generally area and power consuming, making its implementation difficult in mobile systems.

We developed a memristor crossbar-based approach, inspired by memristor crossbar neuromorphic circuits, for a low-power, low-area, and high-throughput DPI system that examines both the header and body of a packet. Two key types of circuits are presented: static pattern matching and regular expression circuits. This system is able to reduce execution time and power consumption due to its high-density grid and massive parallelism. Independent searches are performed using low-power memristor crossbar arrays giving rise to a throughput of 160Gbps with no loss in the classification accuracy.

References

[1]

A. Mitra, W. Najjar, and L. Bhuyan. 2007. Compiling PCRE to FPGA for accelerating SNORT IDS. In ACM/IEEE Symposium on Architectures for Networking and Communications Systems.

Digital Library

[2]

A. Khalid, R. Sen, and A. Chattopadhyay. 2013. SI-DFA: Sub-expression integrated deterministic finite automata for deep packet inspection. In IEEE International Conference on High Performance Switching and Routing. 164--170.

[3]

A. X. Liu and E. Torng. 2014. An overlay automata approach to regular expression matching. In IEEE Conference on Computer Communications. 952--960.

[4]

Snort, the Open Source Network Intrusion Detection System. Retrieved from http://www.snort.org/.

[5]

L. O. Chua. 1971. Memristor—the missing circuit element. IEEE Transactions on Circuit Theory 18, 5 (1971) 507--519.

[6]

W. Lu, K.-H. Kim, T. Chang, and S. Gaba. 2011. Two-terminal resistive switches (memristors) for memory and logic applications. In 16th Asia and South Pacific Design Automation Conference. 217--223.

Digital Library

[7]

S. H. Jo, K.-H. Kim, and W. Lu. 2009. High-density crossbar arrays based on a si memristive system. Nano Letters 9, 2 (2009) 870--874.

[8]

S. Wang, W. Wang, C. Yakopcic, E. Shin, G. Subramanyam, and T. M. Taha. 2017. Experimental study of LiNbO3 memristors for use in neuromorphic computing. Microelectronic Engineering 168, 37--40.

[9]

S. Wang, W. Wang, C. Yakopcic, E. Shin, G. Subramanyam, and T. M. Taha. 2016. Reconfigurable neuromorphic crossbars based on titanium oxide memristors. Electronics Letters 52, 20 (2016) 1673--1675.

[10]

R. Hasan, T. Taha, C. Yakopcic, and D. Mountain. 2016. High throughput neural network based embedded streaming multicore processors. In IEEE International Conference on Rebooting Computing (ICRC). 1--8, San Diego, CA, Oct. 2016.

[11]

C. Yakopcic, R. Hasan, and T. M. Taha. 2015. Hybrid crossbar architecture for a memristor based cache. Elsevier Microelectronics Journal 46, 11 (2015), 1020--1032.

Digital Library

[12]

V. Bontupalli, R. Hasan, and T. M. Taha. 2014. Power efficient architecture for network intrusion detection system. In IEEE National Aerospace and Electronics Conference (NAECON 2014). IEEE, 2014.

[13]

A. V. Aho and M. J. Corasick. 1975. Efficient string matching: An aid to bibliographic search. Communications of the ACM 18, 6 (1975) 333--340.

Digital Library

[14]

T. Ganegedara, J. Weirong, and V. K. Prasanna. 2014. A scalable and modular architecture for high-performance packet classification. IEEE Transactions on Parallel and Distributed Systems 25, 1135--1144.

Digital Library

[15]

L. Tan, B. Brotherton, and T. Sherwood. 2006. Bit-split string-matching engines for intrusion detection and prevention. ACM Transactions on Architecture and Code Optimization 3, 1 (March 2006), 3--34.

Digital Library

[16]

D. Taylor and J. Turner. 2005. Scalable packet classification using distributed crossproducing of field labels. In 24th Annual Joint IEEE INFOCOM. 269--280.

[17]

H. Song and J. W. Lockwood. 2005. Efficient packet classification for network intrusion detection using FPGA. In Proceedings of the 2005 ACM/SIGDA 13th International Symposium on Field-Programmable Gate Arrays. 238--245.

Digital Library

[18]

R. W. Floyd and J. D. Ullman. 1982. The compilation of regular expressions into integrated circuits. Journal of the ACM (JACM) 29, 3 (1982), 603--622.

Digital Library

[19]

Y.-H. E. Yang and V. K. Prasanna. 2013. Robust and scalable string pattern matching for deep packet inspection on multicore processors. IEEE Transactions on Parallel and Distributed Systems 24, 11 (2013), 2283--2292.

Digital Library

[20]

M. Becchi, M. Franklin, and P. Crowley. 2008. A workload for evaluating deep packet inspection architectures. In IEEE International Symposium on Workload Characterization (IISWC’08). IEEE.

[21]

P. Dlugosch, Dave Brown, Paul Glendenning, Michael Leventhal, and Harold Noyes. 2014. An efficient and scalable semiconductor architecture for parallel automata processing. IEEE Transactions on Parallel and Distributed Systems 25, 12 (2014), 3088--3098.

[22]

R. S. Boyer and J. S. Moore. 1977. A fast string searching algorithm. Communications of the ACM 20, 10 (1977), 761--772.

Digital Library

[23]

C. Yakopcic, T. M. Taha, G. Subramanyam, and R. E. Pino. 2013. Generalized memristive device SPICE model and its application in circuit design. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 32, 8 (Aug. 2013), 1201--1214.

Digital Library

[24]

C. Yakopcic, V. Bontupalli, R. Hasan, D. Mountain, and T. M. Taha. 2017. Self-biasing memristor crossbar used for string matching and TCAM implementation. Electronics Letters 53, 7 (Mar. 2017), 463--465.

[25]

Arizona State University Nanoscale Integration and Modeling (NIMO) Group. Retrieved from http://ptm.asu.edu/.

[26]

M. N. Kozicki, M. Balakrishnan, C. Gopalan, C. Ratnakumar, and M. Mitkova. 2005. Programmable metallization cell memory based on Ag--Ge--S and Cu--Ge--S solid electrolytes. In Proceedings of Non-Volatile Memory Technology Symposium. 83--89.

[27]

Y.-D. Kim, H.-S. Ahn, J.-Y. Park, S. Kim, and D.-K. Jeong. 2006. A storage- and power-efficient range-matching TCAM for packet classification. In IEEE International Solid-State Circuits Conference (ISSCC) Digest. 587--596.

[28]

P.-T. Huang and W. Hwang. 2011. A 65 nm 0.165 fJ/Bit/Search 256 144 TCAM. IEEE Journal of Solid State Circuits 46, 2 (Feb. 2011), 507--519.

[29]

L. Zheng, S. Shin, S. Lloyd, M. Gokhale, K. Kim, and S.-M. Kang. 2016. RRAM-based TCAMs for pattern search. In IEEE ISCAS. 1382--1385.

[30]

W. Xu, T. Zhang, and Y. Chen. 2010. Design of spin-torque transfer magneto-resistive RAM and CAM/TCAM with high sensing and search speed. IEEE Transactions on VLSI Systems 18, 1 (Jan. 2010), 66--74.

Digital Library

[31]

C. Yakopcic, Z. Alom, and T. Taha. 2017. Extremely parallel memristor crossbar architecture for convolutional neural network implementation. In IEEE/INNS International Joint Conference on Neural Networks (IJCNN). 1696--1703.

[32]

A. B. Kahng, B. Li, L. S. Peh, and K. Samadi. 2009. ORION 2.0: A fast and accurate NoC power and area model for early-stage design space exploration. In Design, Automation 8 Test in Europe Conference 8 Exhibition. 423--428.

Digital Library

[33]

Y. Kaneta, S. Yoshizawa, S.-I. Minato, H. Arimura, and Y. Miyanaga. 2010. Dynamic reconfigurable bit-parallel architecture for large-scale regular expression matching. In 2010 International Confernece on Field-Programmable Technology (FPT). IEEE.

[34]

Y. Wen, X. Tang, L. Ju, and T. Chen. 2011. Perex: A power efficient fpga-based architecture for regular expression matching. In 2011 IEEE/ACM International Conference on Green Computing and Communications (GreenCom). IEEE.

Digital Library

[35]

Y. Wakaba, S. Nagayama, S. Wakabayashi, and M. Inagi. 2013. A flexible and compact regular expression matching engine using partial reconfiguration for FPGA. In 2013 Euromicro Conference on Digital System Design (DSD). IEEE.

Digital Library

[36]

P. Russek and W. Kazimierz. 2014. The regular expression matching algorithm for the energy efficient reconfigurable SoC. In Parallel Processing and Applied Mathematics. Springer, Berlin, 545--556.

[37]

Y.-H. E. Yang, W. Jiang, and V. K. Prasanna. 2008. Compact architecture for high-throughput regular expression matching on FPGA. In 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems. ACM.

Digital Library

[38]

T. Katashita, Y. Yamaguchi, and K. Toda. 2007. FPGA-based intrusion detection system for 10 gigabit ethernet. IEICE Transactions on Information and Systems 90, 12 (2007), 1923--1931.

Digital Library

[39]

T. N. Thinh, T. T. Hieu, V. Q. Dung, and S. Kittitornkun. 2012. A FPGA-based deep packet inspection engine for network intrusion detection system. In 2013 Euromicro Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON). IEEE.

[40]

S. Dharmapurikar and J. Lockwood. 2005. Fast and scalable pattern matching for content filtering. In 2005 ACM Symposium on Architecture for Networking and Communications Systems. ACM.

Digital Library

[41]

Y.-H. E. Yang and V. K. Prasanna. 2013. Robust and scalable string pattern matching for deep packet inspection on multicore processors. In IEEE Transactions on Parallel and Distributed Systems 24, 11 (2013), 2283--2292.

Digital Library

[42]

B. Cronin and X. Wang. 2013. Hardware acceleration of regular expression repetitions in deep packet inspection. Information Security, IET 7, 4 (2013), 327--335.

[43]

F. Yu, T. Lakshman, M. Motoyama, and R. Katz. 2006. Efficient multimatch packet classification for network security applications. IEEE Journal on Selected Areas in Communications 24, 10 (Oct. 2006), 1805--1816.

Digital Library

[44]

M. Faezipour and M. Nourani. 2009. Wire-speed TCAM-based architectures for multimatch packet classification. IEEE Trans. Comput. 58, 1 (Jan. 2009), 5--17.

Digital Library

Cited By

Lin PLai YLiao MChiu SChen J(2024)Hybrid Clustering Mechanisms for High-Efficiency Intrusion Prevention2024 26th International Conference on Advanced Communications Technology (ICACT)10.23919/ICACT60172.2024.10471957(01-06)Online publication date: 4-Feb-2024
https://doi.org/10.23919/ICACT60172.2024.10471957
Saleh SGoossens AShu SBanerjee TKoldehofe B(2024)Analog In-Network Computing through Memristor-based Match-Compute ProcessingIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621228(2518-2527)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621228
Saleh SKoldehofe B(2023)The Future is AnalogProceedings of the 22nd ACM Workshop on Hot Topics in Networks10.1145/3626111.3628192(254-262)Online publication date: 28-Nov-2023
https://dl.acm.org/doi/10.1145/3626111.3628192
Show More Cited By

Index Terms

Efficient Memristor-Based Architecture for Intrusion Detection and High-Speed Packet Classification
1. Hardware
  1. Emerging technologies
    1. Analysis and design of emerging devices and systems
      1. Emerging architectures

Recommendations

High throughput architecture for packet classification using FPGA
ANCS '09: Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems

To avoid packet classification from being the performance bottleneck in network devices, one-chip solution hardware packet classifier based on HiCuts algorithm is designed and implemented in single chip of FPGA. The compact data structure and the ...
Hardware-Software Codesign for High-Speed Signature-based Virus Scanning

High-speed network content security applications often offload signature matching to hardware. In such systems, the throughput of the overall system, rather than the hardware engine alone, is significant. The authors offload virus scanning in the ClamAV ...
An Input Buffer Architecture for On-chip Routers
ICNC '11: Proceedings of the 2011 Second International Conference on Networking and Computing

The design of buffers in routers influences significantly on the area overhead, energy consumption as well as overall performance of the Network on Chip (NoC). In this paper, we propose an architecture that improves buffer utilization by using a shared ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Journal on Emerging Technologies in Computing Systems

ACM Journal on Emerging Technologies in Computing Systems Volume 14, Issue 4

Special Issue on Neuromorphic Computing

October 2018

164 pages

ISSN:1550-4832

EISSN:1550-4840

DOI:10.1145/3294068

Editor:
Yuan Xie
University of California, Santa Barbara, USA

Issue’s Table of Contents

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 28 November 2018

Accepted: 01 August 2018

Revised: 01 June 2018

Received: 01 January 2018

Published in JETC Volume 14, Issue 4

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
296
Total Downloads

Downloads (Last 12 months)17
Downloads (Last 6 weeks)1

Reflects downloads up to 19 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Lin PLai YLiao MChiu SChen J(2024)Hybrid Clustering Mechanisms for High-Efficiency Intrusion Prevention2024 26th International Conference on Advanced Communications Technology (ICACT)10.23919/ICACT60172.2024.10471957(01-06)Online publication date: 4-Feb-2024
https://doi.org/10.23919/ICACT60172.2024.10471957
Saleh SGoossens AShu SBanerjee TKoldehofe B(2024)Analog In-Network Computing through Memristor-based Match-Compute ProcessingIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621228(2518-2527)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621228
Saleh SKoldehofe B(2023)The Future is AnalogProceedings of the 22nd ACM Workshop on Hot Topics in Networks10.1145/3626111.3628192(254-262)Online publication date: 28-Nov-2023
https://dl.acm.org/doi/10.1145/3626111.3628192
Prof. Sumit S Shevtekar Harish Sumant Abhijit Suryawanshi (2022)Splay Tree and Skip List: Effectiveness and Analysis in Internet Packet CategorizationInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology10.32628/CSEIT228623(285-294)Online publication date: 15-Nov-2022
https://doi.org/10.32628/CSEIT228623
Saleh SGoossens ABanerjee TKoldehofe B(2022) TCAmM CogniGron : Energy Efficient Memristor-Based TCAM for Match-Action Processing 2022 IEEE International Conference on Rebooting Computing (ICRC)10.1109/ICRC57508.2022.00013(89-99)Online publication date: Dec-2022
https://doi.org/10.1109/ICRC57508.2022.00013
Saleh SKoldehofe B(2022)On Memristors for Enabling Energy Efficient and Enhanced Cognitive Network FunctionsIEEE Access10.1109/ACCESS.2022.322644710(129279-129312)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3226447
Alam MYakopcic CSubramanyam GTaha T(2020)Memristor Based Neuromorphic Network Security System Capable of Online Incremental Learning and Anomaly Detection2020 11th International Green and Sustainable Computing Workshops (IGSC)10.1109/IGSC51522.2020.9291053(1-8)Online publication date: 19-Oct-2020
https://doi.org/10.1109/IGSC51522.2020.9291053
Khezrian NAbbasi M(2019)Comparison of the performance of skip lists and splay trees in classification of internet packetsPeerJ Computer Science10.7717/peerj-cs.2045(e204)Online publication date: 15-Jul-2019
https://doi.org/10.7717/peerj-cs.204
Alam MFernando BJaoudi YYakopcic CHasan RTaha TSubramanyam GPotok TSchuman C(2019)Memristor Based Autoencoder for Unsupervised Real-Time Network Intrusion and Anomaly DetectionProceedings of the International Conference on Neuromorphic Systems10.1145/3354265.3354267(1-8)Online publication date: 23-Jul-2019
https://dl.acm.org/doi/10.1145/3354265.3354267

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Issue’s Table of Contents