Aho-Corasick Algorithm
When building my project Process Sentinel, I came across what I thought was an opportunity for optimization. The problem was essentially I have a list of chains which represent process parent-child relationships. I would compare these chains against a set of suspicious chains, which would then report back if a process chain was suspicious and the severity of it. Initially, I took a sort of naive approach: func containsExactPattern(chain []string, pattern []string) bool { if len(chain) < len(pattern) { return false } for i := 0; i <= len(chain)-len(pattern); i++ { match := true for j := 0; j < len(pattern); j++ { if chain[i+j] != pattern[j] { match = false break } } if match { return true } } return false } Here I am just doing a simple sliding window that compares a pattern—a given suspicious chain—against each process in a chain. While this absolutely works for this project and any optimization would absolutely be over-engineering, I was curious if there was a better way to do this if I had a very large amount of patterns to check against a given chain. ...