Mining Hierarchical Scenario-Based Specifications

Abstract—Scalability over long traces, as well as comprehensibility and expressivity of results, are major challenges for dynamic analysis approaches to specification mining. In this work we present a novel use of object hierarchies over traces of inter-object method calls, as an abstraction/refinement mechanism that enables user-guided, top-down or bottom-up mining of layered scenario-based specifications, broken down by hierarchies embedded in the system under investigation. We do this using data mining methods that provide statistically significant sound and complete results modulo user-defined thresholds, in the context of Damm and Harel’s live sequence charts (LSC); a visual, modal, scenario-based, inter-object language. Thus, scalability, comprehensibility, and expressivity are all addressed. Our technical contribution includes a formal definition of hierarchical inter-object traces, and algorithms for ‘zoomingout’ and ‘zooming-in’, used to move between abstraction levels on the mined specifications. An evaluation of our approach based on several case studies shows promising results. I

Inferring Concise Specifications of APIs

Modern software relies on libraries and uses them via application programming interfaces (APIs). Correct API usage as well as many software engineering tasks are enabled when APIs have formal specifications. In this work, we analyze the implementation of each method in an API to infer a formal postcondition. Conventional wisdom is that, if one has preconditions, then one can use the strongest postcondition predicate transformer (SP) to infer postconditions. However, SP yields postconditions that are exponentially large, which makes them difficult to use, either by humans or by tools. Our key idea is an algorithm that converts such exponentially large specifications into a form that is more concise and thus more usable. This is done by leveraging the structure of the specifications that result from the use of SP. We applied our technique to infer postconditions for over 2,300 methods in seven popular Java libraries. Our technique was able to infer specifications for 75.7% of these methods, each of which was verified using an Extended Static Checker. We also found that 84.6% of resulting specifications were less than 1/4 page (20 lines) in length. Our technique was able to reduce the length of SMT proofs needed for verifying implementations by 76.7% and reduced prover execution time by 26.7%

Intelligent multi-agent system for intrusion detection and countermeasures

Intelligent mobile agent systems offer a new approach to implementing intrusion detection systems (IDS). The prototype intrusion detection system, MAIDS, demonstrates the benefits of an agent-based IDS, including distributing the computational effort, reducing the amount of information sent over the network, platform independence, asynchronous operation, and modularity offering ease of updates. Anomaly detection agents use machine learning techniques to detect intrusions; one such agent processes streams of system calls from privileged processes. Misuse detection agents match known problems and correlate events to detect intrusions. Agents report intrusions to other agents and to the system administrator through the graphical user interface (GUI);A sound basis has been created for the intrusion detection system. Intrusions have been modeled using the Software Fault Tree Analysis (SFTA) technique; when augmented with constraint nodes describing trust, contextual, and temporal relationships, the SFTA forms a basis for stating the requirements of the intrusion detection system. Colored Petri Nets (CPN) have been created to model the design of the Intrusion Detection System. Algorithmic transformations are used to create CPN templates from augmented SFT and to create implementation templates from CPNs. The implementation maintains the CPN semantics in the distributed agent-based intrusion detection system

Unsupervised learning algorithms applied to grouping problems

One of the tasks of great interest within process mining is the discovery of business process models, which consists of using an event log as input and producing a business process model by analyzing the data contained in the log and applying a process mining method, task and/or technique. The discovery allows the identification of the behaviors contained in the cases of the event log in order to detect possible deviations and/or validate that the business process is executed according to the business requirements. This paper presents an approach based on unsupervised learning techniques for the grouping of traces to generate simpler and more understandable models. The algorithms implemented for clustering are K-means, hierarchical agglomerative and density-based spatial clustering of applications with noise (DBSCAN)