Parallel Length-based Matching Architecture for High Throughput Multi-Pattern Matching

Multi-pattern matching is a key technique for network security applications such as Network intrusion detection/protection systems (NIDS/NIPS). Deterministic finite automaton (DFA) is widely used for multipattern matching, while the link bandwidth and the traffic of the Internet are rapidly increasing, high performance and low storage cost DFA-based NIDS is strongly required. In this paper, we propose a parallel Length-based matching (LBM) architecture to increase the throughput without extra memory cost. The basic idea is to process multiple characters between some specific tags in parallel. We propose a multiple hash functions solution to reduce the possibility of false positive. The evaluation shows that our parallel architecture can reduce nearly 55% processing time with less memory consumption than the traditional DFA.