Parameterized dictionary matching and recognition with one gap

Abstract

Dictionary Matching is a variant of the Pattern Matching problem where multiple patterns are simultaneously matched to a single text. In case where the patterns contain sequences of don't care symbols, the problem is called Dictionary Matching with Gaps. The problem is related to cyber security, where the patterns represent the malware sequences we want to detect in the text, which may appear in several packets. Another famous variant of Pattern matching is the Parameterized Matching, where two equal-length strings are a parameterized match if there exists a bijection on the alphabets, such that one string matches the other under the bijection. In this paper the problem of Parameterized Dictionary Matching with One Gap is described, which is an extension of the Dictionary Matching with Gaps, where the parameterized match serves as encryption system of the malware sequences. The paper presents two algorithms solving the Parameterized Dictionary Matching with One Gap, for dictionaries with non-uniformly bounded gaps. The first solves the problem with a query time of O(|T|δmaxlog2⁡d+occ), while the second solution has a query time of O(|T|δmax+occ), where |T| is the size of the text, d is the number of gapped patterns in the dictionary, δmax is the difference between the highest upper bound and the lowest lower bound of the gaps and occ is the number of the gapped patterns reported as output. We also suggest the related problem of Parameterized Dictionary Recognition with One Gap, which requires reporting a single parameterized appearance of each gapped pattern. This is of interest in case we want only to know which malware sequences where detected in the text, and not the details of all their appearances in the text, that may be numerous. We present similar algorithms for this problem as well.