Efficient DFA Grouping for Traffic Identification
Traffic Identification is a key function performed by Internet Service Providers' (ISP) administrators to evaluate and improve network services. However, traffic identification needs to be done in real-time and at wire speed to be useful for network tuning. Deep Packet Inspection (DPI) is widely used for identifying normal applications and attacks in the network by looking for well-known patterns within the packets. Such patterns are mostly expressed by Regular Expressions (RE), which are then evaluated by machines known as Deterministic Finite Automata (DFA). Some previous studies grouped DFAs together to evaluate multiple patterns on a single DFA match's run. Efficient grouping algorithms would combine several DFAs without exceeding the available machine's memory.
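The grouping problem described above, as an added example that is not taken from the paper: it counts the reachable states of a combined (product) DFA and groups patterns so that each group stays within a state budget. The toy alphabet, the restricted pattern syntax ('.' as the only wildcard), the budget value and the greedy first-fit heuristic are all assumptions made for illustration, not the paper's algorithm.

```python
from collections import deque

ALPHABET = "abcd"  # constructed toy alphabet; real DPI works on all 256 byte values

def step(pattern, alive, ch):
    """One DFA transition for an unanchored pattern ('.' matches any symbol).
    A DFA state is the set of pattern positions still alive (subset construction)."""
    nxt = {0}  # position 0 stays alive: a match may start at any offset
    for i in alive:
        if i < len(pattern) and pattern[i] in (".", ch):
            nxt.add(i + 1)
    return frozenset(nxt)

def combined_states(patterns, budget):
    """Count reachable states of the product DFA; None once `budget` is exceeded."""
    start = tuple(frozenset({0}) for _ in patterns)
    seen, queue = {start}, deque([start])
    while queue:
        state = queue.popleft()
        for ch in ALPHABET:
            nxt = tuple(step(p, s, ch) for p, s in zip(patterns, state))
            if nxt not in seen:
                if len(seen) >= budget:
                    return None  # stop early instead of building a huge automaton
                seen.add(nxt)
                queue.append(nxt)
    return len(seen)

def group_patterns(patterns, budget):
    """Greedy first-fit (an assumed heuristic): join the first group that still fits."""
    groups = []
    for p in patterns:
        for g in groups:
            if combined_states(g + [p], budget) is not None:
                g.append(p)
                break
        else:
            groups.append([p])
    return groups

def match(group, data):
    """Scan `data` once with the group's combined DFA; return the patterns that hit."""
    state = tuple(frozenset({0}) for _ in group)
    hits = set()
    for ch in data:
        state = tuple(step(p, s, ch) for p, s in zip(group, state))
        hits |= {p for p, s in zip(group, state) if len(p) in s}
    return hits
```

With these constructed patterns, the two literal signatures "ab" and "cd" combine into 5 states, while the two wildcard signatures "a..b" and "c..d" need 12 states each but 45 when combined, which is why a 32-state budget forces them into separate groups.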