A Byte-Filtered String Matching Algorithm for Fast Deep Packet Inspection

As link rates and traffic volumes of Internet are constantly growing, string matching using the Deterministic Finite Automaton (DFA) will be the performance bottleneck of Deep Packet Inspection (DPI). The recently proposed bit-split string matching algorithm suffers from the unnecessary state transitions problem, limiting the efficiency of DPI. The root cause lies in the fact that each tiny DFA of the bit-split algorithm only processes a k-bit substring of each input character, but can´t check whether the entire character belongs to the original alphabet for a set of signature rules or no. This paper proposes a byte-filtered string matching algorithm, where Bloom filters are used to preprocess each byte of every incoming packet payload to check whether the input byte belongs to the original alphabet or not, before performing bit-split string matching. Our experimental results show that compared to the bit-split algorithm, our byte-filtered algorithm enormously decreases the time of string matching as well as the number of state transitions of tiny DFAs on both synthetic and real signature rule sets.