
Converting Boolean-Logic Decision Trees to Finite State Machines - chris408
https://medium.com/@cybermaggedon/converting-boolean-logic-decision-trees-to-finite-state-machines-180ad195abf2
======
cybermaggedon
"When analyzing cybersecurity events, the detection algorithm evaluates
attributes against boolean expressions to determine whether the event belongs
to a class. This article describes converting boolean expressions to finite
state machines to permit simpler, high-performance evaluation. The open-source
project Cyberprobe features this implementation. Conversion of rules to finite
state machine (FSM) and application of the rules in FSM form is implemented in
Python. Cyberprobe supports the use of millions of rules, which can be applied
at greater than 200k events/second on a single processor core."
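
The idea in the summary above, as an added example (not Cyberprobe's code, and not necessarily its algorithm): a boolean rule over event terms is compiled once into a transition table, so evaluating an event becomes one dictionary lookup per observed term. The tuple-based rule format, the term names and all function names are assumptions made for this sketch, and the brute-force state merging is exponential in the number of terms in a rule, so it only suits small rules.

```python
from itertools import combinations

def evaluate(expr, seen):
    """Evaluate a rule tree against the set of terms observed in one event."""
    op = expr[0]
    if op == "term":
        return expr[1] in seen
    if op == "not":
        return not evaluate(expr[1], seen)
    results = [evaluate(e, seen) for e in expr[1:]]
    return all(results) if op == "and" else any(results)

def terms_of(expr):
    if expr[0] == "term":
        return {expr[1]}
    return set().union(*(terms_of(e) for e in expr[1:]))

def compile_rule(expr):
    """Return (transitions, accepting); state 0 is the start state."""
    terms = sorted(terms_of(expr))
    futures = [frozenset(c) for n in range(len(terms) + 1)
               for c in combinations(terms, n)]
    # Two observation sets share a state when the rule gives the same answer
    # for every possible set of further observations.
    sig = lambda seen: tuple(evaluate(expr, seen | f) for f in futures)
    ids, queue = {sig(frozenset()): 0}, [frozenset()]
    transitions, accepting = {}, set()
    while queue:
        seen = queue.pop()
        state = ids[sig(seen)]
        if evaluate(expr, seen):
            accepting.add(state)
        for term in terms:
            key = sig(seen | {term})
            if key not in ids:
                ids[key] = len(ids)
                queue.append(seen | {term})
            transitions[(state, term)] = ids[key]
    return transitions, accepting

def matches(fsm, event_terms):
    transitions, accepting = fsm
    state = 0
    for term in event_terms:  # terms the rule never mentions leave the state alone
        state = transitions.get((state, term), state)
    return state in accepting  # decided at end of event, so NOT is handled

# Constructed rule and term names, for illustration only.
RULE = ("and", ("term", "ipv4:10.0.0.1"),
        ("or", ("term", "tcp:80"), ("term", "tcp:8080")),
        ("not", ("term", "hostname:example.org")))
FSM = compile_rule(RULE)
```

The 16 possible observation sets for this four-term rule collapse into five states: start, address seen, port seen, match, and a dead state entered once the excluded hostname appears.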

