Automated caching of behavioral patterns for efficient run-time

Stakhanova, Natalia, Basu, Samik, Lutz, Robyn and Wong, Johnny (2006) Automated caching of behavioral patterns for efficient run-time. Technical Report 06-06, Computer Science, Iowa State University.

Abstract

Run-time monitoring is a powerful approach for dy- namically detecting faults or malicious activity of software systems. However, there are often two obsta- cles to the implementation of this approach in prac- tice: (1) that developing correct and/or faulty be- havioral patterns can be a difficult, labor-intensive process, and (2) that use of such pattern-monitoring must provide rapid turn-around or response time. We present a novel data structure, called extended action graph, and associated algorithms to overcome these drawbacks. At its core, our technique relies on ef- fectively identifying and caching specifications from (correct/faulty) patterns learnt via machine-learning algorithm. We describe the design and implementa- tion of our technique and show its practical applicabil- ity in the domain of security monitoring of sendmail software.