4,259 research outputs found
A Coalgebraic Approach to Kleene Algebra with Tests
Kleene algebra with tests is an extension of Kleene algebra, the algebra of
regular expressions, which can be used to reason about programs. We develop a
coalgebraic theory of Kleene algebra with tests, along the lines of the
coalgebraic theory of regular expressions based on deterministic automata.
Since the known automata-theoretic presentation of Kleene algebra with tests
does not lend itself to a coalgebraic theory, we define a new interpretation of
Kleene algebra with tests expressions and a corresponding automata-theoretic
presentation. One outcome of the theory is a coinductive proof principle, that
can be used to establish equivalence of our Kleene algebra with tests
expressions.Comment: 21 pages, 1 figure; preliminary version appeared in Proc. Workshop on
Coalgebraic Methods in Computer Science (CMCS'03
Deterministic Automata for Unordered Trees
Automata for unordered unranked trees are relevant for defining schemas and
queries for data trees in Json or Xml format. While the existing notions are
well-investigated concerning expressiveness, they all lack a proper notion of
determinism, which makes it difficult to distinguish subclasses of automata for
which problems such as inclusion, equivalence, and minimization can be solved
efficiently. In this paper, we propose and investigate different notions of
"horizontal determinism", starting from automata for unranked trees in which
the horizontal evaluation is performed by finite state automata. We show that a
restriction to confluent horizontal evaluation leads to polynomial-time
emptiness and universality, but still suffers from coNP-completeness of the
emptiness of binary intersections. Finally, efficient algorithms can be
obtained by imposing an order of horizontal evaluation globally for all
automata in the class. Depending on the choice of the order, we obtain
different classes of automata, each of which has the same expressiveness as
CMso.Comment: In Proceedings GandALF 2014, arXiv:1408.556
Tracking Cyber Adversaries with Adaptive Indicators of Compromise
A forensics investigation after a breach often uncovers network and host
indicators of compromise (IOCs) that can be deployed to sensors to allow early
detection of the adversary in the future. Over time, the adversary will change
tactics, techniques, and procedures (TTPs), which will also change the data
generated. If the IOCs are not kept up-to-date with the adversary's new TTPs,
the adversary will no longer be detected once all of the IOCs become invalid.
Tracking the Known (TTK) is the problem of keeping IOCs, in this case regular
expressions (regexes), up-to-date with a dynamic adversary. Our framework
solves the TTK problem in an automated, cyclic fashion to bracket a previously
discovered adversary. This tracking is accomplished through a data-driven
approach of self-adapting a given model based on its own detection
capabilities.
In our initial experiments, we found that the true positive rate (TPR) of the
adaptive solution degrades much less significantly over time than the naive
solution, suggesting that self-updating the model allows the continued
detection of positives (i.e., adversaries). The cost for this performance is in
the false positive rate (FPR), which increases over time for the adaptive
solution, but remains constant for the naive solution. However, the difference
in overall detection performance, as measured by the area under the curve
(AUC), between the two methods is negligible. This result suggests that
self-updating the model over time should be done in practice to continue to
detect known, evolving adversaries.Comment: This was presented at the 4th Annual Conf. on Computational Science &
Computational Intelligence (CSCI'17) held Dec 14-16, 2017 in Las Vegas,
Nevada, US
Tracking Cyber Adversaries with Adaptive Indicators of Compromise
A forensics investigation after a breach often uncovers network and host
indicators of compromise (IOCs) that can be deployed to sensors to allow early
detection of the adversary in the future. Over time, the adversary will change
tactics, techniques, and procedures (TTPs), which will also change the data
generated. If the IOCs are not kept up-to-date with the adversary's new TTPs,
the adversary will no longer be detected once all of the IOCs become invalid.
Tracking the Known (TTK) is the problem of keeping IOCs, in this case regular
expressions (regexes), up-to-date with a dynamic adversary. Our framework
solves the TTK problem in an automated, cyclic fashion to bracket a previously
discovered adversary. This tracking is accomplished through a data-driven
approach of self-adapting a given model based on its own detection
capabilities.
In our initial experiments, we found that the true positive rate (TPR) of the
adaptive solution degrades much less significantly over time than the naive
solution, suggesting that self-updating the model allows the continued
detection of positives (i.e., adversaries). The cost for this performance is in
the false positive rate (FPR), which increases over time for the adaptive
solution, but remains constant for the naive solution. However, the difference
in overall detection performance, as measured by the area under the curve
(AUC), between the two methods is negligible. This result suggests that
self-updating the model over time should be done in practice to continue to
detect known, evolving adversaries.Comment: This was presented at the 4th Annual Conf. on Computational Science &
Computational Intelligence (CSCI'17) held Dec 14-16, 2017 in Las Vegas,
Nevada, US
Mutation of Directed Graphs -- Corresponding Regular Expressions and Complexity of Their Generation
Directed graphs (DG), interpreted as state transition diagrams, are
traditionally used to represent finite-state automata (FSA). In the context of
formal languages, both FSA and regular expressions (RE) are equivalent in that
they accept and generate, respectively, type-3 (regular) languages. Based on
our previous work, this paper analyzes effects of graph manipulations on
corresponding RE. In this present, starting stage we assume that the DG under
consideration contains no cycles. Graph manipulation is performed by deleting
or inserting of nodes or arcs. Combined and/or multiple application of these
basic operators enable a great variety of transformations of DG (and
corresponding RE) that can be seen as mutants of the original DG (and
corresponding RE). DG are popular for modeling complex systems; however they
easily become intractable if the system under consideration is complex and/or
large. In such situations, we propose to switch to corresponding RE in order to
benefit from their compact format for modeling and algebraic operations for
analysis. The results of the study are of great potential interest to mutation
testing
A Fast Compiler for NetKAT
High-level programming languages play a key role in a growing number of
networking platforms, streamlining application development and enabling precise
formal reasoning about network behavior. Unfortunately, current compilers only
handle "local" programs that specify behavior in terms of hop-by-hop forwarding
behavior, or modest extensions such as simple paths. To encode richer "global"
behaviors, programmers must add extra state -- something that is tricky to get
right and makes programs harder to write and maintain. Making matters worse,
existing compilers can take tens of minutes to generate the forwarding state
for the network, even on relatively small inputs. This forces programmers to
waste time working around performance issues or even revert to using
hardware-level APIs.
This paper presents a new compiler for the NetKAT language that handles rich
features including regular paths and virtual networks, and yet is several
orders of magnitude faster than previous compilers. The compiler uses symbolic
automata to calculate the extra state needed to implement "global" programs,
and an intermediate representation based on binary decision diagrams to
dramatically improve performance. We describe the design and implementation of
three essential compiler stages: from virtual programs (which specify behavior
in terms of virtual topologies) to global programs (which specify network-wide
behavior in terms of physical topologies), from global programs to local
programs (which specify behavior in terms of single-switch behavior), and from
local programs to hardware-level forwarding tables. We present results from
experiments on real-world benchmarks that quantify performance in terms of
compilation time and forwarding table size
Temiar Reduplication in One-Level Prosodic Morphology
Temiar reduplication is a difficult piece of prosodic morphology. This paper
presents the first computational analysis of Temiar reduplication, using the
novel finite-state approach of One-Level Prosodic Morphology originally
developed by Walther (1999b, 2000). After reviewing both the data and the basic
tenets of One-level Prosodic Morphology, the analysis is laid out in some
detail, using the notation of the FSA Utilities finite-state toolkit (van Noord
1997). One important discovery is that in this approach one can easily define a
regular expression operator which ambiguously scans a string in the left- or
rightward direction for a certain prosodic property. This yields an elegant
account of base-length-dependent triggering of reduplication as found in
Temiar.Comment: 9 pages, 2 figures. Finite-State Phonology: SIGPHON-2000, Proceedings
of the Fifth Workshop of the ACL Special Interest Group in Computational
Phonology, pp.13-21. Aug. 6, 2000. Luxembour
LTLf and LDLf Monitoring: A Technical Report
Runtime monitoring is one of the central tasks to provide operational
decision support to running business processes, and check on-the-fly whether
they comply with constraints and rules. We study runtime monitoring of
properties expressed in LTL on finite traces (LTLf) and in its extension LDLf.
LDLf is a powerful logic that captures all monadic second order logic on finite
traces, which is obtained by combining regular expressions and LTLf, adopting
the syntax of propositional dynamic logic (PDL). Interestingly, in spite of its
greater expressivity, LDLf has exactly the same computational complexity of
LTLf. We show that LDLf is able to capture, in the logic itself, not only the
constraints to be monitored, but also the de-facto standard RV-LTL monitors.
This makes it possible to declaratively capture monitoring metaconstraints, and
check them by relying on usual logical services instead of ad-hoc algorithms.
This, in turn, enables to flexibly monitor constraints depending on the
monitoring state of other constraints, e.g., "compensation" constraints that
are only checked when others are detected to be violated. In addition, we
devise a direct translation of LDLf formulas into nondeterministic automata,
avoiding to detour to Buechi automata or alternating automata, and we use it to
implement a monitoring plug-in for the PROM suite
- …