A deterministic cost-effective string matching algorithm for Network Intrusion Detection System

Network Intrusion Detection Systems (NIDS) are more and more important in today's network security for identifying and preventing malicious attacks over the network. This paper proposes a novel and effective string matching algorithm (named ACMS) with advantages of both compact memory and high performance. By employing the characteristics of magic states observed from the deterministic finite state automata, the proposed ACMS significantly reduces the memory requirement without sacrificing high speed no matter it is implemented in software or hardware. The ACMS algorithm also provides high flexibility that it can be tuned to fit specific performance requirement and resource constraints. The experimental results show that the performance of ACMS is over 3.5 times in hardware implementation and 21 times in software implementation better than that of the state-of-the-art studies.