A new paper (here and below) by T. Nalini and M. Padmavathy, Dept of Computer Science and Engineering, Bharath University, Chennai.
See other papers on this subject: here, here and here.
Deep packet inspection directs, persists, filters and logs IP-based applications and Web services traffic based on content encapsulated in a packet's header or payload, regardless of the protocol or application type. In content scanning, the packet payload is compared against a set of patterns specified as regular expressions. With deep packet inspection in place through a single intelligent network device, companies can boost performance without buying expensive servers or additional security products. They are typically matched through deterministic finite automata (DFAs), but large rule sets need a memory amount that turns out to be too large for practical implementation. Many recent works have proposed improvements to address this issue, but they increase the number of transitions (and then of memory accesses) per character. This paper presents a new representation for DFAs, orthogonal to most of the previous solutions, called delta finite automata ( FA), which considerably reduces states and transitions while preserving a transition per character only, thus allowing fast matching. A further optimization exploits Nth order relationships within the DFA by adopting the concept of temporary transitions.