
Problem C
Find the Malicious Bytes part 3

Background

A company named VitaminC has the job of detecting current and new variations of network viruses and exploits. They have been given access to client companies’ networks so that IP traffic may be monitored for malicious data traversing the network. They detect this malicious data by looking for virus signatures (a sequence of bytes that has been linked to a known virus).

VitaminC has recently been tasked with identifying IP addresses that are potentially sending malicious packets for further analysis. They have been provided a virus signature (byte sequence) for a known virus that they want to flag within network traffic. The network traffic they have received has been parsed such that the only fields available are the IP address and some data bytes.

Part 3

In this part, VitaminC has not been given the malicious string. VitaminC has identified packets that appear to be infected and packets that appear to not be affected. Based on the identified good and bad packets, VitaminC needs to determine a possible malicious string sequence that is found in the infected packets, but not in the good packets. There is no signature obscurity in this scenario.

Input

The input is in three sections, separated by a blank line. The first section is samples of malicious byte sequences. The second section is samples of non-malicious byte sequences. The third section contains IP addresses and their associated byte sequences. Input can be 3000-plus bytes per line.

Output

Output is a list of one or more IP addresses (one per line) that contain the target byte sequence in their data.

Sample Input 1
12 34 74 ab fe 23 43 53
12 34 74 ab fe 87 ab 74
12 12 34 74 ab 34 cc cc
11 31 75 cd 12 34 74 ab

12 34 75 ab 12 23 43 53
12 35 74 ac fe 87 ab 74
12 34 d4 ab fe 34 cc cc
12 36 74 bb 11 aa cc aa

192.168.0.23 0a 23 74 ab fe 12 34 56 12
192.168.0.23 0a 23 69 ab fe 12 34 56 12
192.168.0.23 0a 23 77 ab fe 12 34 56 ef
192.168.0.23 0a 23 74 ab fe 12 34 56 ab
192.168.0.27 0a 79 79 ab 23 79 ab 56 ab
192.168.0.31 12 23 79 34 74 12 34 74 ab
192.168.0.27 0a 23 79 ab fe 12 34 56 ab
192.168.0.33 12 34 74 ab 12 12 34 74 74

Sample Output 1
192.168.0.31
192.168.0.33
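
An added example, not part of the original problem statement: one way to derive a signature from the labelled samples and flag senders, run on Sample Input 1. It assumes the signature is the longest byte run found in every malicious sample and in no good sample (the page does not state a selection rule); the function names are made up for illustration.

```python
SAMPLE = """\
12 34 74 ab fe 23 43 53
12 34 74 ab fe 87 ab 74
12 12 34 74 ab 34 cc cc
11 31 75 cd 12 34 74 ab

12 34 75 ab 12 23 43 53
12 35 74 ac fe 87 ab 74
12 34 d4 ab fe 34 cc cc
12 36 74 bb 11 aa cc aa

192.168.0.23 0a 23 74 ab fe 12 34 56 12
192.168.0.23 0a 23 69 ab fe 12 34 56 12
192.168.0.23 0a 23 77 ab fe 12 34 56 ef
192.168.0.23 0a 23 74 ab fe 12 34 56 ab
192.168.0.27 0a 79 79 ab 23 79 ab 56 ab
192.168.0.31 12 23 79 34 74 12 34 74 ab
192.168.0.27 0a 23 79 ab fe 12 34 56 ab
192.168.0.33 12 34 74 ab 12 12 34 74 74
"""

def parse(text):
    # Three blank-line-separated sections; bytes.fromhex skips the spaces.
    bad, good, traffic = (s.splitlines() for s in text.strip().split("\n\n"))
    packets = [(ip, bytes.fromhex(d)) for ip, _, d in (l.partition(" ") for l in traffic)]
    return [bytes.fromhex(l) for l in bad], [bytes.fromhex(l) for l in good], packets

def derive_signature(bad, good):
    # Assumption: prefer the longest run present in all bad and no good samples.
    # Brute force for clarity; 3000-byte lines need a faster common-substring search.
    seed = min(bad, key=len)  # any common run must fit inside the shortest sample
    for length in range(len(seed), 0, -1):
        for start in range(len(seed) - length + 1):
            cand = seed[start:start + length]
            if all(cand in b for b in bad) and not any(cand in g for g in good):
                return cand
    return None  # no single byte run separates the two sample sets

def flag_senders(signature, packets):
    # Unique source IPs, in first-seen order, whose data contains the signature.
    hits = [ip for ip, data in packets if signature in data]
    return list(dict.fromkeys(hits))

def solve(text):
    bad, good, packets = parse(text)
    sig = derive_signature(bad, good)
    return sig, (flag_senders(sig, packets) if sig else [])
```

On this sample the shorter run `74 ab` also separates the two sample sets but additionally matches traffic from 192.168.0.23, which is why the example prefers the longest candidate.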
