FlexFringe: Modeling Software Behavior by Learning Probabilistic Automata
This work addresses software log analysis and anomaly detection for developers and security analysts, but it is incremental as it builds on well-known state-merging strategies with practical modifications.
The authors tackled the problem of modeling software behavior by learning probabilistic automata, presenting FlexFringe, which implements efficient state-merging methods and achieves competitive results, including outperforming a neural net-based solution in anomaly detection.
We present the efficient implementations of probabilistic deterministic finite automaton learning methods available in FlexFringe. These implement well-known strategies for state-merging, including several modifications to improve their performance in practice. We show experimentally that these algorithms obtain competitive results and significant improvements over a default implementation. We also demonstrate how to use FlexFringe to learn interpretable models from software logs and use these for anomaly detection. We further show that learning smaller, more convoluted models, although less interpretable, improves the performance of FlexFringe on anomaly detection, outperforming an existing solution based on neural nets.
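To make the abstract's pipeline concrete, here is an added example (not code from the paper or from FlexFringe) that learns a small probabilistic automaton from log traces by red-blue state merging and scores new traces for anomaly detection. It assumes an ALERGIA-style Hoeffding compatibility test as the merge criterion and omits FlexFringe's own modifications. The names `State`, `build_pta`, `learn`, `surprise` and the `TRACES` sample log are hypothetical.

```python
import math
from collections import Counter

END = "$"  # end-of-trace marker; TRACES is a constructed sample log (login, k reads, logout)
TRACES = [["login"] + ["read"] * k + ["logout"] for k in (1,) * 40 + (2,) * 20 + (3,) * 10 + (4,) * 10]

class State:
    def __init__(self):
        self.freq, self.next = Counter(), {}  # symbol -> count, symbol -> successor State

def build_pta(traces):  # unmerged prefix tree with frequency counts
    root = State()
    for trace in traces:
        s = root
        for sym in trace:
            s.freq[sym] += 1
            s = s.next.setdefault(sym, State())
        s.freq[END] += 1
    return root

def compatible(a, b, alpha):  # Hoeffding test on each symbol, recursing into shared futures
    na, nb = sum(a.freq.values()), sum(b.freq.values())
    bound = math.sqrt(0.5 * math.log(2 / alpha)) * (na ** -0.5 + nb ** -0.5)
    ok = all(abs(a.freq[x] / na - b.freq[x] / nb) <= bound for x in set(a.freq) | set(b.freq))
    return ok and all(compatible(a.next[x], b.next[x], alpha) for x in a.next if x in b.next)

def fold(red, blue):  # add blue's counts and subtree into red, keeping determinism
    red.freq.update(blue.freq)
    for sym, child in blue.next.items():
        if red.next.setdefault(sym, child) is not child:
            fold(red.next[sym], child)

def learn(traces, alpha=0.05):  # red-blue state merging over the prefix tree
    red = [build_pta(traces)]
    while blue := [(r, x, c) for r in red for x, c in r.next.items() if c not in red]:
        parent, sym, child = blue[0]
        target = next((r for r in red if compatible(r, child, alpha)), None)
        if target is None:
            red.append(child)          # no compatible state: keep it as a new state
        else:
            parent.next[sym] = target  # redirect the transition, then merge the subtree
            fold(target, child)
    return red[0]

def surprise(root, trace, eps=1e-3):  # mean negative log-likelihood per event
    s, total = root, 0.0
    for sym in list(trace) + [END]:
        total -= math.log(max(s.freq[sym] / sum(s.freq.values()) if s else 0.0, eps))
        s = s and s.next.get(sym)
    return total / (len(trace) + 1)
```

On this sample the ten-state prefix tree collapses to four states with a self-loop on `read`, so a session with five reads (never seen in training) scores as normal, while a `logout` directly after `login` scores as anomalous.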