Security

High Efficient Performance of DFA for Robust Refiltering Operation on Parallel Process in Packet Inspection

Date Added: Jun 2011
Format: PDF

Multi-pattern string matching remains a major performance bottleneck in network intrusion detection and anti-virus systems for high-speed Deep Packet Inspection (DPI). Although Aho-Corasick Deterministic Finite Automaton (ACDFA) based solutions produce deterministic throughput and are widely used in today's DPI systems such as Snort and ClamAV, the high memory requirement of AC-DFA (due to the large number of state transitions in AC-DFA) inhibits efficient hardware implementation to achieve high performance. Some recent work has shown that the AC-DFA can be reduced to a character trie that contains only the forward transitions by incorporating pipelined processing.