论文信息 - On the Complexity of Monitoring Orchids Signatures

On the Complexity of Monitoring Orchids Signatures

Modern monitoring tools such as our intrusion detection tool Orchids work by firing new monitor instances dynamically. Given an Orchids signature (a.k.a. a rule, a specification), what is the complexity of checking that specification, that signature? In other words, let f(n) be the maximum number of monitor instances that can be fired on a sequence of n events: we design an algorithm that decides whether f(n) is asymptotically exponential or polynomial, and in the latter case returns an exponent d such that \(f(n) = \varTheta (n^d)\). Ultimately, the problem reduces to the following mathematical question, which may have other uses in other domains: given a system of recurrence equations described using the operators \(+\) and \(\max \), and defining integer sequences \(u_n\), what is the asymptotic behavior of \(u_n\) as n tends to infinity? We show that, under simple assumptions, \(u_n\) is either exponential or polynomial, and that this can be decided, and the exponent computed, using a simple modification of Tarjan’s strongly connected components algorithm, in linear time.

Jean Goubault-Larrecq | Jean-Philippe Lachance

[1] P. Flajolet,et al. Analytic Combinatorics: RANDOM STRUCTURES , 2009 .

[2] Klaus Havelund,et al. Specification of Parametric Monitors , 2015, SyDe Summer School.

[3] Yi Zhang,et al. RV-Monitor: Efficient Parametric Runtime Verification with Simultaneous Properties , 2014, RV.

[4] Jean Goubault-Larrecq,et al. The Orchids Intrusion Detection Tool , 2005, CAV.

[5] Robert E. Tarjan,et al. Depth-First Search and Linear Graph Algorithms , 1972, SIAM J. Comput..

[6] Jean Goubault-Larrecq,et al. A Smell of Orchids , 2008, RV.

[7] Mounir Assaf,et al. From qualitative to quantitative program analysis : permissive enforcement of secure information flow. (Approches qualitatives et quantitatives d'analyse de programmes : mise en oeuvre permissive de flux d'information sécurisés) , 2015 .

[8] Jean Goubault-Larrecq,et al. Log auditing through model-checking , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[9] Jean Goubault-Larrecq,et al. On the Efficiency of Mathematics in Intrusion Detection: The NetEntropy Case , 2013, FPS.

[10] Felix Klaedtke,et al. Monitoring Metric First-Order Temporal Properties , 2015, J. ACM.

[11] Philippe Flajolet,et al. Analytic Combinatorics , 2009 .