A fast pattern-matching algorithm for network intrusion detection system

We present a multi-gigabit rate multiple pattern-matching algorithm with TCAM that enables protecting against malicious attacks in a high-speed network. The proposed algorithm significantly reduces the number of TCAM lookups per payload with m-byte jumping window scheme. Due to the reduced number of TCAM lookups, we can easily achieve multi-gigabit rate for scanning the packet payload in order to inspect the content. Furthermore, multi-packet inspection is achieved easily by the extended state transition diagram with the shifting distance. With experimental results, we have clearly justified the proposed algorithm works well for a multi-gigabit network intrusion detection system.