New string matching technology for network security

TL;DR: On a basis of Boyer-Moore-Horspool algorithm, a new string matching algorithm is presented in this paper and test results show that the algorithm has better performance than Boyers-Moore algorithm and Boyer, Moore, and Horspool, and more simple and efficient.

Abstract: String matching is a comprehensive applicable key technology beyond intrusion detection systems (IDS), and many areas can benefit from faster string matching algorithm. Which can be used in IDS, firewall et al network security applications. These applications are usually deployed at choke points of a network where there is heavily traffic. Using lower efficient string matching algorithm may make these applications to become a performance bottleneck in network. So it is very necessary to develop faster and more efficient string matching algorithms in order to overcome the troubles on performance. On a basis of Boyer-Moore-Horspool algorithm, a new string matching algorithm is presented in this paper. The algorithm is described in detail. The new algorithm has been greatly improved. The algorithm is one simplification of Boyer-Moore-Horspool algorithm. Array NEXT in Preprocessing stage is redesigned. A novel generated rules are presented. Using these rules, a simple NEXT is generated. And based on the concept of reference point, all make the algorithm to have better performance and more efficient. These characteristics will be useful in all these applications. Main features of the algorithm are presented, then explained its work processes. The algorithm also passed test and is validated. The test results show that the algorithm has better performance than Boyer-Moore algorithm and Boyer-Moore-Horspool algorithm, and more simple and efficient.