Pattern Matching

This thesis focuses on the development, implementation and optimization of pattern-matching algorithms in two different, yet closely-related research fields: malicious code detection in intrusion detection systems and digital forensics (with a special focus on the data recovery process and the metadata collection stages it involves). The thesis introduces the motivational backgrounds for the development of the work, later on presents the related work and then continues with the main achievements obtained, while in the end a few conclusions and future research directions are discussed.

The main four chapters in this thesis show the main contributions of our work and address the following topics: we present an efficient storage mechanism for hybrid CPU/GPU-based systems, and compare it with other known approaches to date. We then propose an innovative, highly parallel approach to the fast construction of very large Aho-Corasick and Commentz-Walter pattern matching automata on hybrid CPU/GPU-based systems, and compare it to existing sequential approaches. Later on we propose a new heuristics for profiling malicious behavior based on system-call analysis, using the Aho-Corasick algorithm, and also discuss a new hybrid compression mechanism for this automata based on dynamic programming, that reduces the storage space required for it. Finally, we propose an efficient new method for collecting metadata and helping the human operator or automated tools used in the data recovery process as part of the computer forensic investigations.

The research and models obtained in this thesis extend the existing literature in the field of intrusion detection systems (malicious code detection in particular), by presenting: an innovative heuristics for behavioral analysis of code in executable files through system-call interception, a novel and highly efficient approach to efficiently storing pattern-matching automata in hybrid CPU/GPU-based systems, which serves as the base for an innovative model for the fast, GPU-accelerated construction of such very large automata (for both the Aho-Corasick and Commentz-Walter algorithms) and a new hybrid compression technique applied to the Aho-Corasick automata using a dynamic programming approach, that reduces storage space significantly.

Present paper describes the details of the study of the work that has been done in the field of text searching, a subdivision of Natural Language Processing (NLP) till date. The work in this project includes the study and analysis of some of the algorithms devised under this topic, finding the faults or loopholes and trying to increase the efficiency of these algorithms devised, taking forward the range of work done on it. Experiment is done on the various text search algorithms that have been devised namely Knuth-Morris Pratt Algorithm, Naïve Search Algorithm and Boyer-Moore Algorithm by providing text input of various sizes and analyzing their behavior on these variable inputs. After analyzing and doing the study on these algorithms the results states that Boyer-Moore"s Algorithm worked quite well and efficiently than the rest of them when dealing with larger data sets. When working on larger alphabets the Knuth-Morris Pratt Algorithm works quite well. These algorithms do have drawbacks as their efficiency depends upon the alphabet/pattern size. And also this paper describes new pattern matching algorithm that uses delimiter for shifting the pattern while matching.

The dermatoglyphical science analyses an individual’s innate potentials and talents based on the study of their fingerprints, soles and feet skin ridges.  Since the fingers are connected to different lobes of the brain, responsible for coordinating different functions, it is important to correctly acquire an image of the fingerprints. A phase only correlation based technique provides an easy and fast method for automatic pattern matching and classification of fingerprints.

This paper focuses on the automatic inspection of bare-boards. The loaded-board inspection systems can be found in the following references [7, 27, 28]. Automatic optical inspection has the following characteristics that contact testing (electronic testing) does not have [11, 29, 30]: