Problem B
Find the Malicious Bytes part 2
Background
A company named VitaminC has the job of detecting current and new variations of network viruses and exploits. They have been given access to client companies’ networks so that IP traffic may be monitored for malicious data traversing the network. They detect this malicious data by looking for virus signatures (a sequence of bytes that has been linked to a known virus).
VitaminC has recently been tasked with identifying IP addresses that are potentially sending malicious packets for further analysis. They have been provided a virus signature (byte sequence) for a known virus that they want to flag within network traffic. The network traffic they have received has been parsed such that the only fields available are the IP address and some data bytes.
Part 2
VitaminC is developing a more advanced predictive capability that looks for viruses with modified byte sequences attempting to hide via obfuscation. Obfuscation modifies byte sequences such that a direct comparison will not match the virus signature. A malicious actor may pad a virus with extra bytes throughout in order to disguise the original virus.
The objective is to find the IP addresses that are associated with the target malicious bytes.
Input
Same as part 1, but the malicious string may now be padded with extra bytes for obscurity. For example, 23 79 e8 ab would be considered a match against virus signature 23 79 ab.
The first line is a sequence of bytes separated by a space character. This is the target malicious byte sequence. The second line is blank. Each remaining line contains an IP address and a byte sequence, separated by a space. These are the byte sequences to search.
Output
Output is a list of one or more IP addresses (one per line) that contain the target byte sequence in their data.
Sample Input 1

23 79 ab

192.168.0.23 0a 23 74 ab fe 12 34 56
192.168.0.23 0a 23 69 ab fe 12 34 56
192.168.0.23 0a 23 77 ab fe 12 34 56
192.168.0.23 0a 23 74 ab fe 12 34 56
192.168.0.27 0a 79 79 ab 23 79 56 ab
192.168.0.27 0a 23 fe 79 34 ab fe 12
192.168.0.25 0a 23 ab 79 ac cb 34 56
192.168.0.35 0a 23 ab ab 23 ab 79 ab

Sample Output 1

192.168.0.27
192.168.0.35
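
The padded-signature check described in Part 2 is an in-order subsequence test. The following Python is an added example, not part of the original problem statement; the function names are hypothetical, and it assumes the data tokens are hex bytes and that each flagged IP is reported once in order of first match, as Sample Output 1 suggests.

```python
"""Flag IPs whose data contains the signature as an in-order subsequence."""

# Constructed input: Sample Input 1 from this page, one record per line.
SAMPLE = """\
23 79 ab

192.168.0.23 0a 23 74 ab fe 12 34 56
192.168.0.23 0a 23 69 ab fe 12 34 56
192.168.0.23 0a 23 77 ab fe 12 34 56
192.168.0.23 0a 23 74 ab fe 12 34 56
192.168.0.27 0a 79 79 ab 23 79 56 ab
192.168.0.27 0a 23 fe 79 34 ab fe 12
192.168.0.25 0a 23 ab 79 ac cb 34 56
192.168.0.35 0a 23 ab ab 23 ab 79 ab
"""


def parse_bytes(tokens):
    """Parse hex tokens ("0a", "AB") into integers so case cannot hide a match."""
    return [int(tok, 16) for tok in tokens]


def is_padded_match(signature, data):
    """True if every signature byte appears in data, in order, with any padding."""
    pos = 0  # index of the next signature byte still to be found
    for byte in data:
        if pos < len(signature) and byte == signature[pos]:
            pos += 1
    return pos == len(signature)


def find_suspect_ips(text):
    """Return flagged IPs, each once, in order of first matching record."""
    lines = text.splitlines()
    signature = parse_bytes(lines[0].split()) if lines else []
    if not signature:
        raise ValueError("empty signature would match every record")
    flagged = []
    for line in lines[1:]:
        fields = line.split()
        if len(fields) < 2:  # blank separator line, or an IP with no data
            continue
        ip, data = fields[0], parse_bytes(fields[1:])
        if ip not in flagged and is_padded_match(signature, data):
            flagged.append(ip)
    return flagged


if __name__ == "__main__":
    print("\n".join(find_suspect_ips(SAMPLE)))
```

Because the amount of padding is unbounded, a short signature will also match benign data that happens to contain its bytes in order, which fits the problem's framing of flagged addresses as candidates for further analysis.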