关键词: Aho-Corasick算法, 多模式匹配, 稀疏矩阵, 入侵检测

Abstract: Multi-pattern matching algorithm is widely used in network intrusion detection system. At present, the research is mostly focused on how to improve the algorithm's matching speed but pays little attention to the memory consumption. It is a valuable problem to degrade the multi-pattern matching algorithm's memory consumption for embedded IDS based on hardware implementation. Aho-Corasick algorithm is based on finite state machine and has O(n) time complexity. Since the algorithm needs large memory to store the state table, it has great difficulty to be applied to memory restrained intrusion detection system. The Aho-Corasick algorithm's memory consumption and several feasible AC FSM storage strategies were deeply discussed. Finally an improved FSM storage strategy was present. The experiment shows that the strategy can effectively degrade the AC algorithm's memory consumption and has little affects on matching speed.

Key words: Aho-Corasick algorithm , Multi-pattern matching , Sparse matrix, Iintrusion detection