Security devices, such as intrusion detection and prevention (IDP) devices, have become a key component in both service provider and enterprise networks. A conventional technique used by IDP devices to identify attacks, threats, and/or malicious traffic is based on signatures. These signatures are typically a form of regular expressions (e.g., strings) or sub-strings, which are converted into a Nondeterministic Finite Automaton (NFA) or a Deterministic Finite Automaton (DFA) and used as a pattern by a matching engine to compare against a series of bytes or packet sequences in network traffic. While there are multiple ways to represent a DFA, a DFA is susceptible to state explosion: as the number of wildcards in a regular expression increases, the number of DFA states increases, sometimes exponentially. Accordingly, with any DFA representation, there is usually a trade-off between memory consumption and matching speed.
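The state explosion described above can be reproduced with a small added example (not part of the original text). It assumes a constructed signature of the form `.*a.{n}` (the byte `a` followed by n wildcard bytes, unanchored) over a two-symbol toy alphabet; the function names are hypothetical.

```python
from collections import deque

ALPHABET = "ab"  # constructed toy alphabet: 'b' stands in for every byte other than 'a'

def build_nfa(n):
    """NFA for the unanchored signature  .*a.{n}  ('a', then n wildcard bytes).

    States are 0..n+1; state 0 is the start and state n+1 accepts.
    Returns a dict mapping (state, symbol) -> set of next states.
    """
    delta = {}
    for sym in ALPHABET:
        delta[(0, sym)] = {0}            # leading .* : stay in the start state
        for s in range(1, n + 1):
            delta[(s, sym)] = {s + 1}    # each wildcard consumes any one byte
    delta[(0, "a")] = {0, 1}             # nondeterministic guess: this 'a' begins a match
    return delta

def subset_construction(delta, start=0):
    """Powerset construction: each DFA state is a frozenset of NFA states."""
    dfa, queue = {}, deque([frozenset({start})])
    while queue:
        cur = queue.popleft()
        if cur in dfa:
            continue
        dfa[cur] = {}
        for sym in ALPHABET:
            nxt = frozenset(t for s in cur for t in delta.get((s, sym), ()))
            dfa[cur][sym] = nxt
            queue.append(nxt)
    return dfa

def dfa_matches(dfa, accept, data):
    """Run the DFA: one table lookup per input byte, no backtracking."""
    state = frozenset({0})
    for ch in data:
        state = dfa[state][ch]
    return accept in state               # True if a match ends at the last byte

def state_counts(max_n):
    """(wildcards, NFA states, reachable DFA states) for n = 0..max_n."""
    return [(n, n + 2, len(subset_construction(build_nfa(n))))
            for n in range(max_n + 1)]

if __name__ == "__main__":
    for n, nfa_states, dfa_states in state_counts(12):
        print(f"wildcards={n:2d}  NFA states={nfa_states:3d}  DFA states={dfa_states:5d}")
```

For this signature the NFA grows by one state per wildcard while the reachable DFA doubles, because the DFA must remember which of the last n+1 bytes were `a`. The DFA still needs only one lookup per input byte, which is the speed side of the trade-off.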