Automated Caching of Behavioral Patterns for Efficient Run-Time Monitoring

Author

Stakhanova, Natalia ; Basu, Samik ; Lutz, Robyn R. ; Wong, Johnny

Author_Institution

Dept. of Comput. Sci., Iowa State Univ., Ames, IA

fYear

2006

fDate

Sept. 29 2006-Oct. 1 2006

Firstpage

333

Lastpage

340

Abstract

Run-time monitoring is a powerful approach for dynamically detecting faults or malicious activity of software systems. However, there are often two obstacles to the implementation of this approach in practice: (1) that developing correct and/or faulty behavioral patterns can be a difficult, labor-intensive process, and (2) that use of such pattern-monitoring must provide rapid turn-around or response time. We present a novel data structure, called extended action graph, and associated algorithms to overcome these drawbacks. At its core, our technique relies on effectively identifying and caching specifications from (correct/faulty) patterns learned via machine-learning algorithm. We describe the design and implementation of our technique and show its practical applicability in the domain of security monitoring of sendmail software

Keywords

cache storage; data structures; learning (artificial intelligence); security of data; automated behavioral pattern caching; data structure; extended action graph; fault detection; machine learning; runtime monitoring; security monitoring; sendmail software; Computer science; Computerized monitoring; Data structures; Delay; Fault detection; Intrusion detection; Laboratories; Propulsion; Runtime; Software systems;

fLanguage

English

Publisher

ieee

Conference_Titel

Dependable, Autonomic and Secure Computing, 2nd IEEE International Symposium on

Conference_Location

Indianapolis, IN

Print_ISBN

0-7695-2539-3

Type

conf

DOI

10.1109/DASC.2006.23

Filename

4030900