zbMATH — the first resource for mathematics

Automation of the construction of models of normal program behavior. (English. Russian original) Zbl 1253.68098
Program. Comput. Softw. 38, No. 4, 210-217 (2012); translation from Programmirovanie 38, No. 4 (2012).
Summary: Algorithmic description of the normal behavior of network programs is considered. A mechanism for detecting malicious code intrusion at runtime is proposed. An algorithm for constructing the set of normal behavior of a program on the basis of a set of normal behavior samples is presented.
68N30 Mathematical aspects of software engineering (specification, verification, metrics, requirements, etc.)
68N20 Theory of compilers and interpreters
Full Text: DOI
[1] Aho, A.V., Sethi, R., and Ullman, J.D., Compilers: Principles, Techniques, and Tools, Reading, MA: Addison Wesley, 1984. · Zbl 1155.68020
[2] Gamayunov, D.Yu., Gornak, T.A., Sapozhnikov, A.V., Sakharov, F.V., and Toroshchin, E.S., Granular Monitoring of the Security of Application Behavior by Linux Kernel, INSIDE, Inf. Bezop., 2010, pp. 54–58.
[3] Smelyanskii, R.L., Mathematical Model of the Operation of Distributed Computing Networks, Vestn. Mosk. Gos. Univ., 1990.
[4] Shalimov, A.V., Method for Estimating the Execution Frequency of Code Fragments of a Sequential Program, Model. Anal. Inf. Syst., 2010, vol. 17, no. 2, pp. 122–132.
[5] Smelyanskii, R.L. and Gamayunov, D.Yu., A Model of the Behavior of Network Objects in Distributed Computer Systems, Programming Comput. Software, 2007, vol. 33, no. 4, pp. 195–203. · Zbl 1154.68338 · doi:10.1134/S0361768807040020
[6] Aktug, I., Dam, M., and Gurov, D., Provably Correct Runtime Monitoring, Formal Methods: 15th Int. Symp. Formal Methods, Turku, Finland, 2008, pp. 262–277. · Zbl 1192.68116
[7] Barringer, H., Goldberg, A., Havelund, K., and Sen, K., Rule-Based Runtime Verification, Lect. Notes Comput. Sci., 2004, vol. 2937, pp. 44–57. · Zbl 1202.68243 · doi:10.1007/978-3-540-24622-0_5
[8] Bauer, L., Ligatti, J., and Walker, D., Composing Expressive Run-Time Security Policies, ACM Trans. Software Eng. Methodol., 2009, vol. 18.
[9] Chen, F., D’Amorim, M., and Rosu, G.A., A Formal Monitoring-Based Framework for Software Development and Analysis, 6th Int. Conf. on Formal Engineering Methods (ICFEM), Seattle, WA, USA, November 8–12, 2004; Lect. Notes Comput. Sci., 2004. vol. 3308, pp. 357–372.
[10] Chen, F. and Rosu, G., Mop: An Efficient and Generic Runtime Verification Framework, Object-Oriented Programming, Systems, Languages and Applications (OOP-SLA), 2007, pp. 569–588.
[11] Gamayunov, D., Nguyen, T.M.Q., Sakharov, F., and Toroshchin, E., Racewalk: Fast Intrusion Frequency Analysis and Classification for Shellcode Detection in Network Flow, 5th European Conf. on Computer Network Defense (EC2ND 2009), Milan: IEEE Comput. Soc., 2009.
[12] Havelund, K. and Rosu, G., An Overview of the Runtime Verification Tool Java PathExplorer, Formal Methods Syst. Des., 2004, vol. 24, pp. 189–215. · Zbl 1073.68549 · doi:10.1023/B:FORM.0000017721.39909.4b
[13] Marriott, K., Stuckey, P.J., and Sulzmann, M., Resource Usage Verification, First Asian Programming Languages Symposium, 2003. · Zbl 1254.68082
[14] Muchnik, S.S., Advanced Compiler Design and Implementation, San Francisco: Morgan Kaufmann, 1998.
[15] Su, Z. and Wassermann, G., The Essence of Command Injection Attacks in Web Applications, Proc. of the 33rd Annual Symp. on Principles of Programming Languages (POPL-2006), January 11–13, 2006, Charleston, South Carolina, USA, 2006. · Zbl 1369.68158
[16] Tlili, S., Yang, Z., Ling, H.Z., and Debbabi, M., A Hybrid Approach for Safe Memory Management in C, Computer Security Laboratory, Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Quebec, 2008. · Zbl 1170.68415
[17] Yang, Q., Li, J.J., and Weiss, D.M., A Survey of Coverage-Based Testing Tools, Comput. J., 2009, vol. 52, pp. 589–597. · Zbl 05720654 · doi:10.1093/comjnl/bxm021
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. It attempts to reflect the references listed in the original paper as accurately as possible without claiming the completeness or perfect precision of the matching.