Improved DGA detection algoritm

author: Luca Deri <deri@ntop.org> 2020-08-11 17:13:40 +0200
committer: Luca Deri <deri@ntop.org> 2020-08-11 17:13:40 +0200
commit: d5cac570d6aa541df1a30dcf891e9563a476608b (patch)
tree: f808bf0b5cff5a39c9f02546202dea888e68f127 /src/lib/ndpi_main.c
parent: 0e363d0ca6ab4f1df16159e3d3b4bebba9372772 (diff)
1 files changed, 9 insertions, 11 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 83c10a1d7..79fe7c836 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -6579,7 +6579,7 @@ static int enough(int a, int b) {
 
 /* ******************************************************************** */
 
-// #define DGA_DEBUG 1
+/* #define DGA_DEBUG 1 */
 
 int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
 			struct ndpi_flow_struct *flow,
@@ -6656,18 +6656,16 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
 	printf("-> Checking %c%c\n", word[i], word[i+1]);
 #endif
 
-	if(ndpi_match_bigram(ndpi_str, &ndpi_str->bigrams_automa, &word[i])) {
-	  num_found++;
-	} else {
-	  if(ndpi_match_bigram(ndpi_str,
-			       &ndpi_str->impossible_bigrams_automa,
-			       &word[i])) {
+	if(ndpi_match_bigram(ndpi_str,
+			     &ndpi_str->impossible_bigrams_automa,
+			     &word[i])) {
 #ifdef DGA_DEBUG
-	    printf("IMPOSSIBLE %s\n", &word[i]);
+	  printf("IMPOSSIBLE %s\n", &word[i]);
 #endif
-	    num_impossible++;
-	  }
-	}
+	  num_impossible++;
+	} else if(ndpi_match_bigram(ndpi_str, &ndpi_str->bigrams_automa, &word[i])) {
+	  num_found++;
+	}	      
       } /* for */
     } /* for */
author	Luca Deri <deri@ntop.org>	2020-08-11 17:13:40 +0200
committer	Luca Deri <deri@ntop.org>	2020-08-11 17:13:40 +0200
commit	d5cac570d6aa541df1a30dcf891e9563a476608b (patch)
tree	f808bf0b5cff5a39c9f02546202dea888e68f127 /src/lib/ndpi_main.c
parent	0e363d0ca6ab4f1df16159e3d3b4bebba9372772 (diff)