Abstract

With the increasing importance of network protection from cyber threats, it is requested to develop a multi-gigabit rate pattern-matching method for protecting against malicious attacks in high-speed network. This paper devises a high-speed deep packet inspection algorithm with TCAM by using an m-byte jumping window pattern-matching scheme. The proposed algorithm significantly reduces the number of TCAM lookups per payload by m times with the marginally enlarged TCAM size which can be implemented by cascading multiple TCAMs. Due to the reduced number of TCAM lookups, we can easily achieve multi-gigabit rate for scanning the packet payload. It is shown by simulation that for the Snort rule with 2,247 patterns, our proposed algorithm supports more than 10 Gbps rate with a 9 Mbit TCAM.