Skip to Main Content
The Internet is suffering caused by the lacking of security. One of the most promising ways to provide security is Intrusion Detection Systems (IDSs). The heart of almost every IDSs is a string matching algorithm, which is a very computational intensive task. Network Processors (NPs), a specialized multiprocessor, can provide flexibility and high performance for string matching. This paper evaluates several key string matching algorithms using a comprehensive simulation framework. Starting from a uniprocessor profiling, the framework constructs task graphs for string matching algorithms. Then task graphs are mapped onto NPs together with other network applications. The system throughput is determined by the analytical performance model. With this framework, we can evaluate the performance of different string matching algorithms on NPs. Our results show that shift table based algorithms (SFKSearch and Wu-Manber) and finite automaton based Aho-Corasick are complementary: SFKSearch and Wu-Manber do better job in NPs for good packet and larger pattern length due to better inter-task parallelism and shifting; Aho-Corasick does not depend on minimal pattern length and shows relative small processing cost variation between bad and good packets.