StriD2FA: Scalable Regular Expression Matching for Deep Packet Inspection

Deep Packet Inspection (DPI) has become one of the key components of a Network Intrusion Detection System (NIDS) and it compares packet content against a set of rules written in regular expression. The need to keep up with ever-increasing line speed has forced NIDS designers to move to hardware-based implementation where the memory resources are limited. DPI technologies have been increasingly deployed in NIDS to detect attacks or viruses. To this end, state-of-the-art systems, including Snort, ClamAV and security applications from Cisco Systems, compare packet content to a set of rules. Rules written in strings are initially popular, but have limited expressiveness.