ISEC2017 at Sorrento 16/Jun/2017 Fr-I-DIG-03



# Design and high-speed demonstration of an SFQ complex event detector circuit for complex event processing

Ryosuke Sato\*, Tomohiro Ono, Yuki Yamanashi, Nobuyuki Yoshikawa Department of Electrical and Computer Engineering, Yokohama National University

The circuits were fabricated in the clean room for analog-digital superconductivity (CRAVITY) of National Institute of Advanced Industrial Science and Technology (AIST) with the advanced process 2 (ADP2).

#### Background

Big data

Large amount and various kinds of information

Traditional data processing approach is inadequate.

|                       | Batch processing                                                                                  | Real time processing                                                                      |
|-----------------------|---------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|
| Equipment             | Hard disk                                                                                         | Memory                                                                                    |
| Time scale<br>of data | Days - Years                                                                                      | Seconds - Minutes                                                                         |
| Example               | <ul> <li>Comparison of monthly site<br/>accesses</li> <li>Calculation of monthly sales</li> </ul> | <ul> <li>Detection of cyber terrorism</li> <li>Financial algorithm transaction</li> </ul> |

As the amount of data increases, real time processing is gathering attention.

#### **Complex Event Processing**

- Complex Event Processing (CEP)
   >real-time processing for stream data
  - detection of cyber terrorism
  - financial algorithm transaction

IBM Security Network Protection XGS (XGS5100)



 $\cite{tabular} time{tabular} time{tabular}$ 

#### **Complex Event Detector**

Complex Event Detector (CED)
 Component circuit of CEP system
 Performs pattern matching between "Data" and "Symbol"



### Pattern Matching

- Main operation of CED circuit
- Detecting "Symbol" string from "Data" string by comparison
- Corresponding to regular expression, variety of patterns are detected.



# **Network Intrusion Detection System**

• Network Intrusion Detection System (NIDS)



NIDS detects virus by comparing packet and virus pattern.

#### Virus Pattern of NIDS[2]

- Total number of virus pattern in snort at 2003 : 1542
- Average length: 14 Symbol



[2] M. Aldwairi, T. Conte, and P. Franzon, "Configurable string matching hardware for speeding up intrusion detection," ACM SIGARCH Computer Architecture News, vol. 33, no. 1, pp. 99–107, Mar. 2005.

#### Problem of CMOS NIDS

| CMOS NIDS[3] |          |             |            |
|--------------|----------|-------------|------------|
| Method       | Device   | Logic cells | Throughput |
| NFA          | Virtex2P | 12822       | 1.85 Gbps  |

[3] T. T. Hieu, T. N. Thinh, T. H. Vu, and S. Tomiyama, "Optimization of Regular Expression Processing Circuits for NIDS on FPGA," in 2011 Second International Conference on Networking and Computing, 2011, pp. 105–112.

• Communication speed is getting faster.

➢Optical communication is high speed. ex. OC-768 (40Gbps)



It is difficult to catch up with growth of communication speed.

#### Purpose

NIDS must catch up with growth of communication speed. ex. OC-768 (40 Gbps)

Single Flux Quantum : SFQ
 >High speed operation (10s of GHz)
 >Low power consumption



• Purpose

➢ Design CED circuit for NIDS by SFQ circuit

Demonstration CED circuit for regular expression

#### Structure of SFQ CED Circuit

- Composed of 1-symbol matching circuit (1SMC)
- Comparing 8-bit "Data" with "Symbol" bit-serially at 1SMC



#### Operation of SFQ CED Circuit 1/2

- Data = Symbol : Next "Symbol" and "Data" are compared
- ex. Symbol : A B C D Data : A B C D Data€Streadbol\_B



11

### Operation of SFQ CED Circuit 2/2

- Decide length of Symbol by Start\_set signal
  - ex. Symbol : B<u>CD</u> Data **Data Data** : A B C D Data Symbol D Symbol C Symbol B Symbol A Data B Register Registe Register Register В D Detect 1-symbol T out -symbol 1-symbol 1-symbol T in matching matching matching matching circuit circuit circuit circuit Start set B Start set D Start set C Start set A

# **Operation of 1-Symbol Matching Circuit**

- Structure
   XOR, Flip Flops

   Comparison part
   Result storing part
   Result control part
- Operation
  - 1. Compare 8-bit input bit-serially
  - 2. Register result of comparison
  - 3. Output result of comparison



If "Data" = "Symbol", T\_out propagates to next 1SMC.

### Design 4-Symbol SFQ CED Circuit

2.5 mm

Data SR

CG

- Pattern matching for 4 or less Symbol
- 1 Symbol is 8 bits.
   "Symbol" = 00001000<sub>(2)</sub> = 08<sub>(16)</sub>



## Waveform of High Speed Measurement



# Operation Margin of 4-Symbol SFQ CED Circuit



|                           | Simulation        | Measurement          |
|---------------------------|-------------------|----------------------|
| Bias Margin<br>@ 52.1 GHz | 80% <b>~</b> 125% | 68.8% <b>~</b> 91.2% |

#### **Regular Expression**

• We confirmed correct operation of exact matching.

Regular expression
Description of flexible pattern
Virus pattern is written in regular expression.
ex: A.CD = ABCD, ACCD, ADCD, •••

| Expression | Meaning                                     |  |
|------------|---------------------------------------------|--|
| [.]        | Matches any data.                           |  |
| [A+]       | Matches a sequence of one or more data "A". |  |
| [ A B ]    | Matches either data "A" or "B".             |  |
| [^A ]      | Matches the all data except data "A".       |  |

### **Corresponding to Regular Expression**

| Expression | Meaning                                     |  |
|------------|---------------------------------------------|--|
| [.]        | Matches any data.                           |  |
| [A+]       | Matches a sequence of one or more data "A". |  |
| [ A B ]    | Matches either data "A" or "B".             |  |
| [^A ]      | Matches the all data except data "A".       |  |

**ex**: A.CD = ABCD, ACCD, ADCD, ••





Corresponding to regular expression by adding functions to 1SMC.

# Scaling of SFQ CED circuit

- SFQ CED circuit has scalability.
- Operating speed is not reduced by scaling up.



|                 | Exact matching | Regular expression |
|-----------------|----------------|--------------------|
| JJs (40 Symbol) | 7448           | 22260              |

If we design CED circuit for enough Symbol, number of JJs will be 22260.

# Summary

- CEP is one approach to process big data.
   >One of the applications of CEP system is NIDS.
   >Performs pattern matching in CED circuit
- Demonstrated 4-symbol SFQ CED circuit
   ➢Number of JJs is 4476.
   ➢Bias margin at 52.1 GHz is 68.8%~91.2%.
- Estimated CED circuit for regular expression
   Added functions to 1SMC for regular expression
   >when we extended the scale of CED circuit, operating speed isn't reduced
   >Number of JJs will be 22260 for a 40-Symbol CED.

# Thank you for your attention !