{"id":"https://openalex.org/W4416666068","doi":"https://doi.org/10.3390/a18120742","title":"The Aho-Corasick Paradigm in Modern Antivirus Engines: A Cornerstone of Signature-Based Malware Detection","display_name":"The Aho-Corasick Paradigm in Modern Antivirus Engines: A Cornerstone of Signature-Based Malware Detection","publication_year":2025,"publication_date":"2025-11-25","ids":{"openalex":"https://openalex.org/W4416666068","doi":"https://doi.org/10.3390/a18120742"},"language":"en","primary_location":{"id":"doi:10.3390/a18120742","is_oa":true,"landing_page_url":"https://doi.org/10.3390/a18120742","pdf_url":"https://www.mdpi.com/1999-4893/18/12/742/pdf","source":{"id":"https://openalex.org/S190629608","display_name":"Algorithms","issn_l":"1999-4893","issn":["1999-4893"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Algorithms","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/1999-4893/18/12/742/pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5023344080","display_name":"Paul A. Gagniuc","orcid":"https://orcid.org/0000-0001-9350-1530"},"institutions":[{"id":"https://openalex.org/I61641377","display_name":"Universitatea Na\u021bional\u0103 de \u0218tiin\u021b\u0103 \u0219i Tehnologie Politehnica Bucure\u0219ti","ror":"https://ror.org/0558j5q12","country_code":"RO","type":"education","lineage":["https://openalex.org/I61641377"]}],"countries":["RO"],"is_corresponding":false,"raw_author_name":"Paul A. Gagniuc","raw_affiliation_strings":["Faculty of Engineering in Foreign Languages, National University of Science and Technology Politehnica Bucharest, RO-060042 Bucharest, Romania"],"affiliations":[{"raw_affiliation_string":"Faculty of Engineering in Foreign Languages, National University of Science and Technology Politehnica Bucharest, RO-060042 Bucharest, Romania","institution_ids":["https://openalex.org/I61641377"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002222247","display_name":"Ionel-Bujorel P\u0103v\u0103loiu","orcid":"https://orcid.org/0000-0003-2651-7975"},"institutions":[{"id":"https://openalex.org/I61641377","display_name":"Universitatea Na\u021bional\u0103 de \u0218tiin\u021b\u0103 \u0219i Tehnologie Politehnica Bucure\u0219ti","ror":"https://ror.org/0558j5q12","country_code":"RO","type":"education","lineage":["https://openalex.org/I61641377"]}],"countries":["RO"],"is_corresponding":true,"raw_author_name":"Ionel-Bujorel P\u0103v\u0103loiu","raw_affiliation_strings":["Faculty of Engineering in Foreign Languages, National University of Science and Technology Politehnica Bucharest, RO-060042 Bucharest, Romania"],"affiliations":[{"raw_affiliation_string":"Faculty of Engineering in Foreign Languages, National University of Science and Technology Politehnica Bucharest, RO-060042 Bucharest, Romania","institution_ids":["https://openalex.org/I61641377"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5005878732","display_name":"Maria-Iuliana Dasc\u0103lu","orcid":"https://orcid.org/0000-0001-8824-5704"},"institutions":[{"id":"https://openalex.org/I61641377","display_name":"Universitatea Na\u021bional\u0103 de \u0218tiin\u021b\u0103 \u0219i Tehnologie Politehnica Bucure\u0219ti","ror":"https://ror.org/0558j5q12","country_code":"RO","type":"education","lineage":["https://openalex.org/I61641377"]}],"countries":["RO"],"is_corresponding":false,"raw_author_name":"Maria-Iuliana Dasc\u0103lu","raw_affiliation_strings":["Faculty of Engineering in Foreign Languages, National University of Science and Technology Politehnica Bucharest, RO-060042 Bucharest, Romania"],"affiliations":[{"raw_affiliation_string":"Faculty of Engineering in Foreign Languages, National University of Science and Technology Politehnica Bucharest, RO-060042 Bucharest, Romania","institution_ids":["https://openalex.org/I61641377"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5002222247"],"corresponding_institution_ids":["https://openalex.org/I61641377"],"apc_list":{"value":1400,"currency":"CHF","value_usd":1515},"apc_paid":{"value":1400,"currency":"CHF","value_usd":1515},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.46636654,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"18","issue":"12","first_page":"742","last_page":"742"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.5859000086784363,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.5859000086784363,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.15049999952316284,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.06109999865293503,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6496000289916992},{"id":"https://openalex.org/keywords/automaton","display_name":"Automaton","score":0.6035000085830688},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.4699999988079071},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.4672999978065491},{"id":"https://openalex.org/keywords/cellular-automaton","display_name":"Cellular automaton","score":0.44850000739097595},{"id":"https://openalex.org/keywords/data-structure","display_name":"Data structure","score":0.444599986076355},{"id":"https://openalex.org/keywords/pattern-matching","display_name":"Pattern matching","score":0.4296000003814697},{"id":"https://openalex.org/keywords/constant","display_name":"Constant (computer programming)","score":0.38429999351501465},{"id":"https://openalex.org/keywords/property","display_name":"Property (philosophy)","score":0.3621000051498413}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8185999989509583},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6496000289916992},{"id":"https://openalex.org/C112505250","wikidata":"https://www.wikidata.org/wiki/Q787116","display_name":"Automaton","level":2,"score":0.6035000085830688},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.5809999704360962},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.4699999988079071},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.4672999978065491},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.46619999408721924},{"id":"https://openalex.org/C35527583","wikidata":"https://www.wikidata.org/wiki/Q189156","display_name":"Cellular automaton","level":2,"score":0.44850000739097595},{"id":"https://openalex.org/C162319229","wikidata":"https://www.wikidata.org/wiki/Q175263","display_name":"Data structure","level":2,"score":0.444599986076355},{"id":"https://openalex.org/C68859911","wikidata":"https://www.wikidata.org/wiki/Q1503724","display_name":"Pattern matching","level":2,"score":0.4296000003814697},{"id":"https://openalex.org/C2777027219","wikidata":"https://www.wikidata.org/wiki/Q1284190","display_name":"Constant (computer programming)","level":2,"score":0.38429999351501465},{"id":"https://openalex.org/C189950617","wikidata":"https://www.wikidata.org/wiki/Q937228","display_name":"Property (philosophy)","level":2,"score":0.3621000051498413},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.34540000557899475},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.34119999408721924},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.3384000062942505},{"id":"https://openalex.org/C100776233","wikidata":"https://www.wikidata.org/wiki/Q2532492","display_name":"Bridge (graph theory)","level":2,"score":0.33739998936653137},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.33559998869895935},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.3303000032901764},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3280999958515167},{"id":"https://openalex.org/C138673069","wikidata":"https://www.wikidata.org/wiki/Q322229","display_name":"Tracing","level":2,"score":0.3043999969959259},{"id":"https://openalex.org/C75684735","wikidata":"https://www.wikidata.org/wiki/Q858810","display_name":"Big data","level":2,"score":0.288100004196167},{"id":"https://openalex.org/C21308566","wikidata":"https://www.wikidata.org/wiki/Q7169365","display_name":"Permutation (music)","level":2,"score":0.28290000557899475},{"id":"https://openalex.org/C174333608","wikidata":"https://www.wikidata.org/wiki/Q19635","display_name":"Trojan","level":2,"score":0.2775000035762787},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.2736999988555908},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2696000039577484},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.26930001378059387},{"id":"https://openalex.org/C7757238","wikidata":"https://www.wikidata.org/wiki/Q374040","display_name":"String searching algorithm","level":3,"score":0.26260000467300415},{"id":"https://openalex.org/C155223936","wikidata":"https://www.wikidata.org/wiki/Q682875","display_name":"Domino effect","level":2,"score":0.260699987411499},{"id":"https://openalex.org/C141141315","wikidata":"https://www.wikidata.org/wiki/Q2379942","display_name":"Guard (computer science)","level":2,"score":0.2565000057220459},{"id":"https://openalex.org/C19407854","wikidata":"https://www.wikidata.org/wiki/Q485","display_name":"Computer virus","level":2,"score":0.25360000133514404},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.25209999084472656}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3390/a18120742","is_oa":true,"landing_page_url":"https://doi.org/10.3390/a18120742","pdf_url":"https://www.mdpi.com/1999-4893/18/12/742/pdf","source":{"id":"https://openalex.org/S190629608","display_name":"Algorithms","issn_l":"1999-4893","issn":["1999-4893"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Algorithms","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:37dc5e7a21754df1b15e5e660c842e57","is_oa":true,"landing_page_url":"https://doaj.org/article/37dc5e7a21754df1b15e5e660c842e57","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Algorithms, Vol 18, Iss 12, p 742 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/a18120742","is_oa":true,"landing_page_url":"https://doi.org/10.3390/a18120742","pdf_url":"https://www.mdpi.com/1999-4893/18/12/742/pdf","source":{"id":"https://openalex.org/S190629608","display_name":"Algorithms","issn_l":"1999-4893","issn":["1999-4893"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Algorithms","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4416666068.pdf","grobid_xml":"https://content.openalex.org/works/W4416666068.grobid-xml"},"referenced_works_count":40,"referenced_works":["https://openalex.org/W1120278242","https://openalex.org/W1514233826","https://openalex.org/W1600162087","https://openalex.org/W1985108724","https://openalex.org/W2025470700","https://openalex.org/W2049650913","https://openalex.org/W2051200211","https://openalex.org/W2074373096","https://openalex.org/W2099964107","https://openalex.org/W2107867209","https://openalex.org/W2118754356","https://openalex.org/W2120944239","https://openalex.org/W2124792617","https://openalex.org/W2138813689","https://openalex.org/W2145492393","https://openalex.org/W2148016496","https://openalex.org/W2150210843","https://openalex.org/W2157059791","https://openalex.org/W2178228987","https://openalex.org/W2191008885","https://openalex.org/W2279352033","https://openalex.org/W2483752640","https://openalex.org/W2506568819","https://openalex.org/W2528800817","https://openalex.org/W2587256626","https://openalex.org/W2738088959","https://openalex.org/W2761412199","https://openalex.org/W2946483985","https://openalex.org/W2963155255","https://openalex.org/W2971841945","https://openalex.org/W2974932825","https://openalex.org/W3114468998","https://openalex.org/W4210951666","https://openalex.org/W4244880809","https://openalex.org/W4321497857","https://openalex.org/W4384067556","https://openalex.org/W4406570572","https://openalex.org/W4408410298","https://openalex.org/W4413063655","https://openalex.org/W4413080312"],"related_works":[],"abstract_inverted_index":{"The":[0,128],"Aho-Corasick":[1,107,133],"(AC)":[2],"algorithm":[3,41,180],"remains":[4],"one":[5],"of":[6,39,70,106,115,131,168],"the":[7,37,40,71,104,132,179],"most":[8],"influential":[9],"developments":[10],"in":[11,23,124,152],"deterministic":[12,129,176],"multi-pattern":[13],"matching":[14],"due":[15],"to":[16,19,57,96,140,200],"its":[17,77,90,196],"ability":[18],"recognize":[20],"multiple":[21],"strings":[22],"linear":[24],"time":[25],"within":[26,109],"a":[27,45,67,171],"single":[28],"data":[29],"stream.":[30],"Originally":[31],"conceived":[32],"for":[33,183],"bibliographic":[34],"text":[35],"retrieval,":[36],"structure":[38,130],"is":[42],"based":[43],"on":[44,76],"trie":[46],"augmented":[47],"with":[48,74],"failure":[49],"links":[50],"and":[51,83,121,149,161,187,205],"output":[52],"functions,":[53],"which":[54],"has":[55],"proven":[56],"be":[58],"remarkably":[59],"adaptable":[60],"across":[61],"computational":[62,173],"domains.":[63],"This":[64,100,156],"review":[65],"presents":[66],"comprehensive":[68],"synthesis":[69],"AC":[72,198],"algorithm,":[73],"details":[75],"theoretical":[78],"foundations,":[79],"formal":[80,202],"automaton":[81,134],"structure,":[82],"operational":[84],"principles,":[85],"as":[86,88],"well":[87],"tracing":[89],"historical":[91],"evolution":[92],"from":[93],"text-search":[94],"systems":[95],"large-scale":[97,122],"malware":[98,163],"detection.":[99],"work":[101],"further":[102],"explores":[103],"integration":[105],"automata":[108,203],"modern":[110,206],"antivirus":[111,185],"architectures,":[112],"describing":[113],"mechanisms":[114],"signature":[116,154],"compilation,":[117],"real-time":[118,184],"scanning":[119,186],"pipelines,":[120],"deployment":[123],"contemporary":[125],"cybersecurity":[126,207],"systems.":[127],"provides":[135],"linear-time":[136,157],"pattern":[137],"recognition":[138],"relative":[139],"input":[141,169],"size,":[142],"while":[143],"practical":[144],"performance":[145],"characteristics":[146],"reflect":[147],"memory":[148],"architecture":[150],"constraints":[151],"large":[153],"sets.":[155],"property":[158],"enables":[159],"predictable":[160],"efficient":[162],"detection,":[164],"where":[165],"each":[166],"byte":[167],"induces":[170],"constant":[172],"cost.":[174],"Such":[175],"efficiency":[177],"makes":[178],"ideally":[181],"suited":[182],"signature-based":[188],"threat":[189],"identification.":[190],"Thus,":[191],"nearly":[192],"fifty":[193],"years":[194],"after":[195],"inception,":[197],"continues":[199],"bridge":[201],"theory":[204],"practice.":[208]},"counts_by_year":[],"updated_date":"2026-03-08T06:56:09.383167","created_date":"2025-11-25T00:00:00"}