Profiling and accelerating string matching algorithms in three network content security applications

Po-ching Lin, Zhi-xiang Li, Ying-dar Lin, Yuan-cheng Lai, Frank Lin
2006 IEEE Communications Surveys and Tutorials  
The efficiency of string matching algorithms is essential for network content security applications, such as intrusion detection systems, anti-virus systems, and Web content filters. This work reviews typical algorithms and profiles their performance under various situations to study the influence of the number, the length, and the character distribution of the signatures on performance. This profiling can reveal the most efficient algorithm in each situation. A fast verification method for
more » ... string matching algorithms is also proposed. This work then analyzes the signature characteristics of three content security applications and replaces their original algorithms with the most efficient ones in the profiling. The improvement for both real and synthetic sample data is observed. For example, an open source anti-virus package, ClamAV, is five times faster after the revision. This work features comprehensive profiling results of typical string matching algorithms and observations of their application on network content security. The results can enlighten the choice of a proper algorithm in practical design.
doi:10.1109/comst.2006.315851 fatcat:uceterxz2ng4haq2f4yxexkvqa