Skip to main content
SpringerLink
Log in

Algorithmic Improvements on Regular Inference of Software Models and Perspectives for Security Testing

  • Conference paper
Leveraging Applications of Formal Methods, Verification and Validation. Technologies for Mastering Change (ISoLA 2012)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 7609))

Abstract

Among the various techniques for mining models from software systems, regular inference of black-box systems has been a central technique in the last decade. In this paper, we present various directions we have investigated for improving the efficiency of algorithms based on L * in a software testing context where interactions with systems entail large and complex input domains. In particular we consider algorithmic optimizations for large input sets, for parameterized inputs, for processing counterexamples. We also present our current directions motivated by application to security testing: focusing on specific sequences, identifying randomly generated values, combining with other adaptive techniques.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Connect FP7 project, https://www.connect-forever.eu/

  2. SPaCIoS FP7 project, http://www.spacios.eu/

  3. Aarts, F., Jonsson, B., Uijen, J.: Generating Models of Infinite-State Communication Protocols Using Regular Inference with Abstraction. In: Petrenko, A., Simão, A., Maldonado, J.C. (eds.) ICTSS 2010. LNCS, vol. 6435, pp. 188–204. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  4. Ammons, G., Bodík, R., Larus, J.R.: Mining specifications. In: POPL, pp. 4–16 (2002)

    Google Scholar 

  5. Angluin, D.: Learning regular sets from queries and counterexamples. Information and Computation 2, 87–106 (1987)

    Article  MathSciNet  Google Scholar 

  6. Berg, T., Jonsson, B., Raffelt, H.: Regular Inference for State Machines with Parameters. In: Baresi, L., Heckel, R. (eds.) FASE 2006. LNCS, vol. 3922, pp. 107–121. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  7. Berg, T., Jonsson, B., Raffelt, H.: Regular Inference for State Machines Using Domains with Equality Tests. In: Fiadeiro, J.L., Inverardi, P. (eds.) FASE 2008. LNCS, vol. 4961, pp. 317–331. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  8. Cho, C.Y., Babic, D., Shin, E.C.R., Song, D.: Inference and analysis of formal models of botnet command and control protocols. In: ACM Conference on Computer and Communications Security, pp. 426–439 (2010)

    Google Scholar 

  9. Cook, J.E., Wolf, A.L.: Discovering models of software processes from event-based data. ACM Trans. Softw. Eng. Methodol. 7(3), 215–249 (1998)

    Article  Google Scholar 

  10. Yannakakis, M., Peled, D., Vardi, M.Y.: Black box checking. In: Proceedings of FORTE 1999, Beijing, China (1999)

    Google Scholar 

  11. de la Higuera, C.: Grammatical Inference - Learning Automata and Grammars. Cambridge University Press (2010)

    Google Scholar 

  12. Duchène, F., Groz, R., Rawat, S., Richier, J.-L.: XSS vulnerability detection using model inference assisted evolutionary fuzzing. In: SECTEST. IEEE (2012)

    Google Scholar 

  13. Eisenstat, S., Angluin, D.: Learning random DFAs with membership queries: the GoodSplit algorithm. In: ZULU Workshop Organised During ICGI (2010)

    Google Scholar 

  14. Ernst, M.D., Perkins, J.H., Guo, P.J., McCamant, S., Pacheco, C., Tschantz, M.S., Xiao, C.: The Daikon system for dynamic detection of likely invariants. Science of Computer Programming (2006)

    Google Scholar 

  15. Groz, R., Li, K., Petrenko, A., Shahbaz, M.: Modular System Verification by Inference, Testing and Reachability Analysis. In: Suzuki, K., Higashino, T., Ulrich, A., Hasegawa, T. (eds.) TestCom/FATES 2008. LNCS, vol. 5047, pp. 216–233. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  16. Hagerer, A., Hungar, H., Niese, O., Steffen, B.: Model Generation by Moderated Regular Extrapolation. In: Kutsche, R.-D., Weber, H. (eds.) FASE 2002. LNCS, vol. 2306, pp. 80–95. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  17. Howar, F., Steffen, B., Jonsson, B., Cassel, S.: Inferring Canonical Register Automata. In: Kuncak, V., Rybalchenko, A. (eds.) VMCAI 2012. LNCS, vol. 7148, pp. 251–266. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  18. Howar, F., Steffen, B., Merten, M.: From ZULU to RERS - Lessons Learned in the ZULU Challenge. In: Margaria, T., Steffen, B. (eds.) ISoLA 2010, Part I. LNCS, vol. 6415, pp. 687–704. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  19. Hungar, H., Niese, O., Steffen, B.: Domain-Specific Optimization in Automata Learning. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 315–327. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  20. Irfan, M.N., Groz, R., Oriat, C.: Improving model inference of black box components having large input test set (submitted 2012)

    Google Scholar 

  21. Irfan, M.N., Oriat, C., Groz, R.: Angluin style finite state machine inference with non-optimal counterexamples. In: MIIT, pp. 11–19. ACM, New York (2010)

    Chapter  Google Scholar 

  22. Li, K., Groz, R., Hossen, K., Oriat, C.: Inferring automata with variables and nondeterministic values for testing security software (submitted 2012)

    Google Scholar 

  23. Li, K., Groz, R., Shahbaz, M.: Integration testing of components guided by incremental state machine learning. In: TAIC PART, pp. 59–70. IEEE Computer Society (2006)

    Google Scholar 

  24. Li, K., Groz, R., Shahbaz, M.: Integration Testing of Distributed Components Based on Learning Parameterized I/O Models. In: Najm, E., Pradat-Peyre, J.-F., Donzeau-Gouge, V.V. (eds.) FORTE 2006. LNCS, vol. 4229, pp. 436–450. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  25. Lorenzoli, D., Mariani, L., Pezzè, M.: Inferring state-based behavior models. In: WODA 2006: Proceedings of the 2006 International Workshop on Dynamic Systems Analysis, pp. 25–32. ACM Press (2006)

    Google Scholar 

  26. Mäkinen, E., Systä, T.: Mas - an interactive synthesizer to support behavioral modelling in uml. In: ICSE 2001: Proceedings of the 23rd International Conference on Software Engineering, pp. 15–24. IEEE Computer Society, Washington, DC (2001)

    Chapter  Google Scholar 

  27. Maler, O., Pnueli, A.: On the learnability of infinitary regular sets. Inf. Comput. 118(2), 316–326 (1995)

    Article  MathSciNet  MATH  Google Scholar 

  28. Margaria, T., Niese, O., Raffelt, H., Steffen, B.: Efficient test-based model generation for legacy reactive systems. In: IEEE International High-Level Design, Validation, and Test Workshop, pp. 95–100 (2004)

    Google Scholar 

  29. Meinke, K.: Automated black-box testing of functional correctness using function approximation. In: ISSTA, pp. 143–153 (2004)

    Google Scholar 

  30. Meinke, K.: CGE: A Sequential Learning Algorithm for Mealy Automata. In: Sempere, J.M., García, P. (eds.) ICGI 2010. LNCS, vol. 6339, pp. 148–162. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  31. Meinke, K., Niu, F.: Learning-Based Testing for Reactive Systems Using Term Rewriting Technology. In: Wolff, B., Zaïdi, F. (eds.) ICTSS 2011. LNCS, vol. 7019, pp. 97–114. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  32. Niese, O.: An Integrated Approach to Testing Complex Systems. PhD thesis, University of Dortmund (2003)

    Google Scholar 

  33. Pasareanu, C.S., Giannakopoulou, D., Bobaru, M.G., Cobleigh, J.M., Barringer, H.: Learning to divide and conquer: applying the L * algorithm to automate assume-guarantee reasoning. Formal Methods in System Design 32(3), 175–205 (2008)

    Article  MATH  Google Scholar 

  34. Rivest, R.L., Schapire, R.E.: Inference of finite automata using homing sequences. In: Machine Learning: From Theory to Applications, pp. 51–73 (1993)

    Google Scholar 

  35. Shahbaz, M.: Reverse Engineering Enhanced State Models of Black Box Software Components to Support Integration Testing. Phd thesis, Institut Polytechnique de Grenoble (2008)

    Google Scholar 

  36. Shahbaz, M., Groz, R.: Using invariant detection mechanism in black box inference. In: ISoLA Workshop on Leveraging Applications of Formal Methods (2007)

    Google Scholar 

  37. Shahbaz, M., Groz, R.: Inferring Mealy Machines. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 207–222. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  38. Shu, G., Lee, D.: Testing security properties of protocol implementations - a machine learning based approach. In: ICDCS, Toronto, Ontario, Canada (2007)

    Google Scholar 

  39. Utting, M., Legeard, B.: Practical Model-Based Testing - A Tools Approach. Morgan Kaufmann (2007)

    Google Scholar 

  40. Witten, I.H., Frank, E., Hall, M.A.: Data Mining: Practical Machine Learning Tools and Techniques, 3rd edn. Morgan Kaufmann (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. LIG, Computer Science Lab, Grenoble Institute of Technology, France

    Roland Groz, Muhammad-Naeem Irfan & Catherine Oriat

Authors
  1. Roland Groz
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Muhammad-Naeem Irfan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Catherine Oriat
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institut für Informatik, Universität Potsdam, August-Bebel-Straße 89, 14482, Potsdam, Germany

    Tiziana Margaria

  2. Fakultät für Informatik, Technische Universität Dortmund, Otto-Hahn-Straße 14, 44227, Dortmund, Germany

    Bernhard Steffen

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Groz, R., Irfan, MN., Oriat, C. (2012). Algorithmic Improvements on Regular Inference of Software Models and Perspectives for Security Testing. In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation. Technologies for Mastering Change. ISoLA 2012. Lecture Notes in Computer Science, vol 7609. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34026-0_33

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-34026-0_33

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34025-3

  • Online ISBN: 978-3-642-34026-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation