I. Introduction
Multi-string pattern matching serves as a fundamental building block for many network security applications, especially network intrusion/prevention systems (NIDS/NIPS) [2], [3], web application firewalls (WAF) [4], application identification systems [5] and some network censorship/surveillance systems [6], [7]. In these applications, multiple strings are usually represented as the attack signatures (rules), which are then used to inspect whether the payload of a packet matches any of the predefined rules. Since every byte of the packets has to be scanned by a large set of patterns, this often becomes a bottleneck of these applications and dominates the performance of an entire system [8], [9].