Regular Expression Matching with Memristor TCAMs

Abstract

Regular expression (RegEx)matching is a key function in network security, where matching of packet data against known malicious signatures filters and alerts against active network intrusions. RegExs are widely used in open source and commercial network security systems as they easily and concisely represent complex patterns like those malicious signatures. However, the latency and power required to perform RegEx matching is incredibly high and approaches to this problem struggle to achieve > 1 Gbps on real-world rulesets while internet wirespeeds continue to increase > 100 Gbps. We propose performing RegEx matching using memristor-based ternary content addressable memories (mTCAMs)with compressed finite automata (CFA)to meet this challenge. In this work, we show fabrication of mTCAM circuits with excellent device properties from 100nm to 20nm device sizes and validate mTCAM operation. SPICE simulations investigate mTCAM performance at scale and a mTCAM dynamic power model using 16nm mTCAM layout parameters demonstrates 0.173 fJ/bit/search energy for a $36\times 250$ mTCAM array. Using a tiled architecture to implement a Snort ruleset, we estimate performance of our mTCAM approach to be 47.2 Gbps at 1.21W dynamic search power (39 Gbps/W), compared to a state-of-the-art FPGA approach which achieves 3.9 Gbps at 630mW (6.2 Gbps/W). Preliminary error analysis shows the mTCAM approach allows for arbitrarily low false positive/negative rates using minimal and standard state refresh techniques. Dynamic search power is also calculated prior to applying standard TCAM power-reduction techniques capable of lowering power by $\sim\times 10$ , further demonstrating the promise of mTCAM for wirespeed RegEx matching at low power.