Abstract: A number of advances in software security over the past decade have foundations in the behavior matching problem: given a specification of software behavior and a concrete execution trace, determine whether the behavior is exhibited by the execution trace. Despite the importance of this problem, precise descriptions of algorithms for its solution, and rigorous analyses of their complexity, are missing in the literature. In this paper, we formalize the notion of behavior matching used by the software security community, study the complexity of the problem, and give several algorithms for its solution, both exact and approximate. We find that the problem is in general not efficiently solvable, i.e. behavior matching is NP-Complete. We demonstrate empirically that our approximation algorithms can be used to efficiently find accurate solutions to real instances.