Term rewriting and all that
Space/time trade-offs in hash coding with allowable errors
Communications of the ACM
Introduction To Automata Theory, Languages, And Computation
Introduction To Automata Theory, Languages, And Computation
Finite state machines for strings over infinite alphabets
ACM Transactions on Computational Logic (TOCL)
Synthesizing fast intrusion prevention/detection systems from high-level specifications
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A Layered Architecture for Detecting Malicious Behaviors
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Run-Time Detection of Malwares via Dynamic Control-Flow Inspection
ASAP '09 Proceedings of the 2009 20th IEEE International Conference on Application-specific Systems, Architectures and Processors
Behavior based software theft detection
Proceedings of the 16th ACM conference on Computer and communications security
Malware Behavioral Detection by Attribute-Automata Using Abstraction from Platform and Language
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Program Behavior Discovery and Verification: A Graph Grammar Approach
IEEE Transactions on Software Engineering
Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Identifying Dormant Functionality in Malware Programs
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Fast malware classification by automated behavioral graph matching
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Effective and efficient malware detection at the end host
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Expressive, efficient and obfuscation resilient behavior based IDS
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Behavior abstraction in malware analysis
RV'10 Proceedings of the First international conference on Runtime verification
Generating Lightweight Behavioral Signature for Malware Detection in People-Centric Sensing
Wireless Personal Communications: An International Journal
| Hi-index | 0.00 |
A number of advances in software security over the past decade have foundations in the behavior matching problem: given a specification of software behavior and a concrete execution trace, determine whether the behavior is exhibited by the execution trace. Despite the importance of this problem, precise descriptions of algorithms for its solution, and rigorous analyses of their complexity, are missing in the literature. In this paper, we formalize the notion of behavior matching used by the software security community, study the complexity of the problem, and give several algorithms for its solution, both exact and approximate. We find that the problem is in general not efficiently solvable, i.e. behavior matching is NP-Complete. We demonstrate empirically that our approximation algorithms can be used to efficiently find accurate solutions to real instances.