This paper takes advantage of the emerging multi-core com-puter architecture to design a general framework for mit-igating network-based complexity attacks. In complexity attacks, an attacker carefully crafts “heavy ” messages (or packets) such that each heavy message consumes substan-tially more resources than a normal message. Then, it sends a sufficient number of heavy messages to bring the system to a crawl at best. In our architecture, called MCA2—Multi-Core Architecture for Mitigating Complexity Attacks—cores quickly identify such suspicious messages and divert them to a fraction of the cores that are dedicated to handle all the heavy messages. This keeps the rest of the cores relatively unaffected and free to provide the legitimate traffic the same quality of service as if no attack takes place. We demonstrate the effectiveness of our architecture by examining cache-miss complexity attacks against Deep Pack-et Inspection (DPI) engines. For example, for Snort DPI engine, an attack in which 30 % of the packets are malicious degrades the system throughput by over 50%, while with MCA2 the throughput drops by either 20 % when no pack-ets are dropped or by 10 % in case dropping of heavy pack-ets is allowed. At 60 % malicious packets, the corresponding numbers are 70%, 40 % and 23%.