A Stream-Based Specification Language for Network Monitoring

@inproceedings{Faymonville2016ASS,
  title={A Stream-Based Specification Language for Network Monitoring},
  author={Peter Faymonville and Bernd Finkbeiner and Sebastian Schirmer and Hazem Torfah},
  booktitle={RV},
  year={2016}
}
We introduce Lola 2.0, a stream-based specification language for the precise description of complex security properties in network traffic. Lola 2.0 is simple and expressive: it combines the ease-of-use of rule-based specification languages like Snort with the expressiveness of heavy-weight scripting languages or temporal logics previously needed for the description of complex stateful dependencies and statistical measures.
Towards a stream-based monitoring language for asynchronous systems
TLDR
This thesis generalizes the time assumption to cover streams whose events are stamped from a real-time domain, but keep the essential explicit time dependencies present in previous synchronous SRV languages, and proposes a solution based on Stream Runtime Verification, which is called Striver.
Real-time Stream-based Monitoring
TLDR
This work introduces RTLola, a new stream-based specification language for the description of real-time properties of reactive systems that allows for an automatic memory analysis that guides the user in identifying the computationally expensive specifications.
Synchronous and asynchronous stream runtime verification
TLDR
It is justified that synchronous SRV can be modeled by real-time SRV and finally conditions under which synchronous SRV can simulate real-time SRV are presented.
Stream runtime verification of real-time event streams with the Striver language
TLDR
Striver is a general language that allows expressing for certain time domains other real-time monitoring languages, like TeSSLa, and temporal logics, like STL, and translations from other formalisms for (piecewise-constant) real-time signals and timed event streams.
Real-time Stream-based Monitoring
We introduce RTLola, a new stream-based specification language for the description of real-time properties of reactive systems. The key feature is the integration of sliding windows over real-time
Runtime Monitoring with LOLA
TLDR
The main contribution of this thesis is to adapt LOLA to the domain requirements, and the LOLA specification language is extended by new operators to increase its usability and expressiveness.
Runtime verification of real-time event streams under non-synchronized arrival
TLDR
This work introduces a theory of asynchronous transducers and shows a formal proof of the correctness such that every possible run of the monitor implements the semantics, and reports an empirical evaluation of a highly concurrent Erlang implementation of the monitoring algorithm.
Declarative Stream Runtime Verification (hLola)
TLDR
This paper proposes an SRV language called hLola that borrows general Haskell types and embeds them transparently into an eDSL, which allows for example, the use of higher-order functions for static stream parameterization.
TeSSLa: Temporal Stream-based Specification Language
TLDR
TeSSLa is presented, a temporal stream-based specification language for SRV that supports timestamped events natively and is hence suitable for streams that are both sparse and fine-grained, which often occur in practice.
TeSSLa: Temporal Stream-based Specification Language
TLDR
TeSSLa is presented, a temporal stream-based specification language for SRV that supports timestamped events natively and is hence suitable for streams that are both sparse and fine-grained, which often occur in practice.

References

SHOWING 1-10 OF 25 REFERENCES
LOLA: runtime monitoring of synchronous systems
TLDR
A specification language and algorithms for the online and offline monitoring of synchronous systems including circuits and embedded systems, and a class of specifications, characterized syntactically, for which the algorithm's memory requirement is independent of the length of the input streams.
Foundations of Boolean stream runtime verification
SIGNAL: A declarative language for synchronous programming of real-time systems
TLDR
An applicative language, SIGNAL, designed to program real-time systems, based on a synchronous notion of time, which allows to derive a complete static calculus of the timing of any SIGNAL process, called its clock calculus.
The synchronous data flow programming language LUSTRE
The authors describe LUSTRE, a data flow synchronous language designed for programming reactive systems, such as automatic control and monitoring systems, as well as for describing hardware. The data
Rule Systems for Run-time Monitoring: from Eagle to RuleR
TLDR
RuleR is introduced, a primitive conditional rule-based system, which has a simple and easily implemented algorithm for effective run-time checking, and into which one can compile a wide range of temporal logics and other specification formalisms used for run-time verification.
Rule-based runtime verification revisited
  • K. Havelund
  • Computer Science
    International Journal on Software Tools for Technology Transfer
  • 2014
TLDR
This work has implemented a rule-based system, named LogFire, for runtime verification, founded on the Rete algorithm, as an internal DSL in the Scala programming language (in essence a library), which allows to write rules elegantly as part of Scala programs.
Monitoring Parametric Temporal Logic
TLDR
This work applies runtime verification to obtain quantitative information about the execution, based on linear-time temporal properties: the temporal specification is extended to include parameters that are instantiated according to a measure obtained at runtime.
Formal Techniques for Networked and Distributed Systems – FORTE 2004
TLDR
Formal Verification of a Practical Lock-Free Queue Algorithm for Web Applications Modeled by Communicating Automata and Conditions for Resolving Observability Problems in Distributed Testing.
A Temporal Logic Based Framework for Intrusion Detection
TLDR
This work proposes a framework for intrusion detection that is based on runtime monitoring of temporal logic specifications, and uses an online monitoring algorithm that matches specifications of the absence of an attack, with system execution traces, and raises an alarm whenever the specification is violated.