A Dual-Port 8-T CAM-Based Network Intrusion Detection Engine for IoT

TL;DR

This paper introduces an energy-efficient, memory-optimized pattern-matching engine for IoT network intrusion detection, utilizing a dual-port 8-T CAM architecture with innovative encoding and pipelining techniques.

Contribution

It presents a novel dual-port 8-T CAM-based pattern-matching engine with reconfigurable automata and fixed-1s encoding for IoT NIDS, achieving high efficiency and low energy consumption.

Findings

Achieves 1.54 fJ energy per search per pattern byte.

Uses only 0.9 bytes of memory per pattern byte.

Demonstrates best-in-class energy efficiency in a 65-nm prototype.

Abstract

This letter presents an energy- and memory-efficient pattern-matching engine for a network intrusion detection system (NIDS) in the Internet of Things. Tightly coupled architecture and circuit co-designs are proposed to fully exploit the statistical behaviors of NIDS pattern matching. The proposed engine performs pattern matching in three phases, where the phase-1 prefix matching employs reconfigurable pipelined automata processing to minimize memory footprint without loss of throughput and efficiency. The processing elements utilize 8-T content-addressable memory (CAM) cells for dual-port search by leveraging proposed fixed-1s encoding. A 65-nm prototype demonstrates best-in-class 1.54-fJ energy per search per pattern byte and 0.9-byte memory usage per pattern byte.