StriD²FA: Scalable Regular Expression Matching for Deep Packet Inspection

Deep packet inspection (DPI) has become one of the key components of a Network Intrusion Detection System (NIDS) and it compares packet content against a set of rules written in regular expression. The need to keep up with ever-increasing line speed has forced NIDS designers to move to hardware-based implementation where the memory resources are limited. In this paper, we present LBM, a novel accelerating scheme for regular expression matching which converts the original byte stream into much shorter integer stream and then matches it with a variant of DFA, called Stride-DFA(StriDFA). In the instance of LBM that we realize, a speedup of 10-15 is achievable while the required memory size is much less than that in the traditional DFA.