From d5cac570d6aa541df1a30dcf891e9563a476608b Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Tue, 11 Aug 2020 17:13:40 +0200
Subject: Improved DGA detection algoritm
---
 src/lib/ndpi_main.c | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)
(limited to 'src/lib/ndpi_main.c')
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 83c10a1d7..79fe7c836 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -6579,7 +6579,7 @@ static int enough(int a, int b) {
 /* ******************************************************************** */
-// #define DGA_DEBUG 1
+/* #define DGA_DEBUG 1 */
 int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
 struct ndpi_flow_struct *flow,
@@ -6656,18 +6656,16 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str,
 printf("-> Checking %c%c\n", word[i], word[i+1]);
 #endif
- if(ndpi_match_bigram(ndpi_str, &ndpi_str->bigrams_automa, &word[i])) {
- num_found++;
- } else {
- if(ndpi_match_bigram(ndpi_str,
- &ndpi_str->impossible_bigrams_automa,
- &word[i])) {
+ if(ndpi_match_bigram(ndpi_str,
+ &ndpi_str->impossible_bigrams_automa,
+ &word[i])) {
 #ifdef DGA_DEBUG
- printf("IMPOSSIBLE %s\n", &word[i]);
+ printf("IMPOSSIBLE %s\n", &word[i]);
 #endif
- num_impossible++;
- }
- }
+ num_impossible++;
+ } else if(ndpi_match_bigram(ndpi_str, &ndpi_str->bigrams_automa, &word[i])) {
+ num_found++;
+ }
 } /* for */
 } /* for */
-- cgit v1.2.3
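Review bot: The order of the two `ndpi_match_bigram()` lookups in the inner loop of the second hunk now decides the outcome, and nothing in the code says so: a bigram present in both `impossible_bigrams_automa` and `bigrams_automa` is counted in `num_impossible` and no longer in `num_found`. Whether the two lists overlap is not visible here, so I would state the precedence above the first `if`, e.g. `/* impossible bigrams take precedence: a pair found in both automata is counted as impossible only */`. The code that turns `num_found` and `num_impossible` into a verdict lies outside this hunk (the body of `ndpi_check_dga_name` starts and ends beyond it) and is worth re-checking against known-benign names, since the counts can shift. Separately, the `DGA_DEBUG` line prints the whole remainder of the word with `%s` while the preceding debug line prints the pair with `%c%c`; `printf("IMPOSSIBLE %c%c\n", word[i], word[i+1]);` would log only the bigram that matched.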