From 5f2cb74c7b34c45da2f380a0a1713c978e04218b Mon Sep 17 00:00:00 2001
From: Arthur Grisel-Davy <grisel-davy@crans.org>
Date: Fri, 14 Jul 2023 00:02:52 -0400
Subject: [PATCH] update

---
 DSD/qrs/biblio.bib               |  20 +-
 DSD/qrs/images/2w_experiment.pdf | Bin 0 -> 7298 bytes
 DSD/qrs/images/2w_experiment.svg | 419 +++++++++++--------------------
 DSD/qrs/main.tex                 |  18 +-
 4 files changed, 169 insertions(+), 288 deletions(-)
 create mode 100644 DSD/qrs/images/2w_experiment.pdf

diff --git a/DSD/qrs/biblio.bib b/DSD/qrs/biblio.bib
index 80668b0..070813b 100644
--- a/DSD/qrs/biblio.bib
+++ b/DSD/qrs/biblio.bib
@@ -610,7 +610,25 @@ series = {CoDS COMAD 2020}
 }
 
 @misc{sleep_states,
-title={Sleep States Description: },
+title={Sleep States Description},
 url={https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/system-sleeping-states},
 year={2023},
 }
+
+
+@misc{mitre_crypto,
+  title={Mitre ATT\&CK - T1496 Resource Hijacking},
+  url = {https://attack.mitre.org/versions/v13/techniques/T1496/},
+}
+@misc{mitre_botnet,
+  title={Mitre ATT\&CK - T1583.005 Acquire Infrastructure: Botnet},
+  url = {https://attack.mitre.org/versions/v13/techniques/T1583/005/},
+}
+@misc{mitre_prevent,
+  title={Mitre ATT\&CK - T1562.001 Impair Defenses: Disable or Modify Tools},
+  url = {https://attack.mitre.org/versions/v13/techniques/T1562/001/},
+}
+@misc{mitre_ransomware,
+  title={Mitre ATT\&CK - T1486 Data Encrypted for Impact},
+  url = {https://attack.mitre.org/versions/v13/techniques/T1486/},
+}
diff --git a/DSD/qrs/images/2w_experiment.pdf b/DSD/qrs/images/2w_experiment.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..fc0522aee9d288a7e09cce50c5cd460bd26503dc
GIT binary patch
literal 7298
zcma)>1zc3!w!oDfX#@qyAysMuhHmNZ7(jAp7`jV9T0j~^6ckiCq(e|bL>fuy28Tvc
zcmu}w-Fv@x-<vaYX79Dvj<eR@>-_eAv#3eQa6-6Xcr2Bu;uAa`AQ*@=v&9n@27;6j
zj#h5gKp0x2fd>QvK{7V>ZU`6jzrCp&LJDDyv_RmAisHGtxgbm(@VqjUb(N7cd<2cX
zC28~DOm93s&MD@^AjkHxt`{ekAXaIJo%BHst)HHYD(tR~jnYw8c}_<p(H+UzzOFnR
zBRk{oZLhOusy0^X4txX~AbO{2JVC5m^~1+8t+RAFMNaAcz>E_4v;xm{qZ2oKq{+&}
zEJavmLnn=KwVwT=p3+<I4|FP{P9D_Xx46<W2f{=eEXb<+08_V?e+)?8pI}@FCGQIp
zF)L+N9~EcPM;fLO`o09Ve@aQhC)II`Ol~!4m`>PH8jGJu*vT9PG&<+E(OC#&@CDb8
z1{dnxD`#28x-K)2^3oguWw7rQER&tA<FvWm1FtdIQR%T;bc{-?zGF0&;JqVZcd$Q{
z+7#9%MoSf5mmD;#<2$*RERW6bIwB<`(h0jNTyuBU5_wRS``u~KZ|$4oCU;xUdSHr*
zM<9KG!yT&Vp)x@cL-SjZEMGiY=^rx=9Ugj}vDx+IrRML1P6z#jgS1PNnBXPy`<Rc6
zLb9L76J$91W<=(PZ&;}jh4EjZLh;yj!h#&1R8}CY#f5-TQZSyu5%O$sH=zo4SsP8i
z*+|)u9mTza!#(6l*ZjdN*KB-Cg}cOGeG;VAwzM=v)bVeQ0ba|aAfk6GNvYl_ht04u
z=sHq-ZA_#Q0DLrK)xZ1A&yDDXN!vzsL4EkL(Ml|_F0pYerVxN)?tw-#A&cbkRVqA<
zJ>ec%7IG-jJ`~qKzrj$_c4z#=(uF5%wn|^<osG^Ke>a;h0~;w#JXMRlWXQQ_o}JZZ
z%$sN;RNCF=94wUEG$RbCvj#D`cW=&U(@CB#4s8^brFjnvaqUAmw_lgWlO)5d=5_V3
z+$?b;TVpiyXxv|H%pV=C?f#fN`tDWq-KPiw$Q1N%5~AIoEemYM5fb#elY7!ZggE(e
z<~5aKrV{$Xx7Au){3G)Xh`A$w(kY$^DHBJAOSsM|spqgSHqID8o4vD<>-r+T+*qcS
zOgEnC0t5EDQChYw)7U+lrL_#N{WUy>-eyv&&a2mQF-sn2AvIwDhg?0tt2+CjA#i;Z
z*4KprY$;Xoevpy2{VMHRSGjPjxNk7q)AY4eW@Dvzdij2qSJiTooi3l?`qxMDZ)?+<
z%dr@`zI=u`6!(Chw~GY@9|oDvb67G)c|Ee8sTgX;H9X1(#>b>B#Z%qvPpT^Ltb)Do
z%!xf6&~8haYTT$1#`1|K#JB#GQ?+%Y(-SAlP-dZGP|0qAn=5X(h_M&hJ6@KiFhzl#
zs?aza+uz}LRVi7CcXo%ZDaB=u=R?%f2x_VgH9pYu_s_l#jNuiGe=p~61ENUNwf8cf
z-Ou|<5|v7C*+_`$5BgYG`K9`UH`0K~3t6FG?U>I7_9Z7v=Xup<%^$gep{3HtL9m{^
z1i(>a5qjD}t&}YQ70iHtmD_ykl1M_jL<5<m`9RKndog)DGvA>kv0Lb~%1hO~D{$1}
zK=laSObe`19$TND7X0K>gD)y0!|3|UTSwI<fd2L7icOltKETFjL35M+Hz!Bidng;(
zDxs`i%4EUarHY;IUEuLC*VWjUxRUG<a&>gCts*HtlWdPquURk0r@e~3Z4DrI5Iab3
zNTkBqc&5?%BU>*l{!{L5T^z^S;lWbiA*Edb9>US$S6D-*E&}336ukIH$3X}b%73A7
zk>&mqFE1mcw3nN#rW-ms0)>Sy1n3XQ6pYRQLH8tp5Fp6h6n#g>OmxA|J4goU==L{l
zOHME+7|8oO=AxC*-(Q{a{pkz{((-mf070r|wwi7ZmtFsg*8IO~f>eNz%K{l27gskR
z&#&}<kKiKR5d07@Io8aiv9qGCvXTZIKm?B`dT3UkOk_qsXU5#Gaqgc;E;Q9q?<t^{
z11mofBrUg_AoG~HMiQLsjDvfRY*w-)o3k62Se3x=T9!-pf`r6JVZ_|W?*dudRnYlw
z6GS`4B}MwI*0hoz-*vvGo@^NRaMMiN7=F~7hLSYMKm8Ipbx&5=2!|u;@EwEI&56e$
z5l^z-F(Y70|LK&AhyCpon80r{LBM~r(=W3?Ab;%gPj9gcKmF8%0Abt^=)b(yP<r^T
z)FbXq2VCMoUZCbS483n=6!_of2ubiwuEk?XX!u3G%z8^Due6s#mnBzOSY}`Qm_;a{
zHPT3R=p}cQU474x!_#nTzC;xfcUEN)%`fS;!db&lEopT2HFf4Kpl=+;+?7kMD43<+
zcmzs#E+_bIiuTk_AN6={V7~`22-Q)m18DiHHV;9fesiLseiWpP^+fcIyM3Endeb4d
z>B7o}ABUXWe2@9+oG4oyuiaMGq*+jw_g)}qk4!dp(!+L+6(7_85XWb0g%kHXgOaht
z>kfq9{AiPAhdM3A^FX@exotAsIQmte!+;erTz~3vV8_m8Jc^uf%1iyqK7&QF^|g*<
z+uXe55G7TLJeG`vf@D_hqB|}P(W}>}KDadOVj24039~mowu62NNM1JYj{v?EYet^>
zvQef6`{x?A&n}#fQ&{>evuTtu`-dMtQJso>c+Vx6Fmhq%cA$iVK^>(!F59tQwsBmU
zXdti|Iv-L|_E^EuydY2<L-pERidb_=Jcx;E8&I~5ado%gdnCNLNZ??$*^uQWZ5qwg
zG(~aG{sA#D?8Jc6%KdEUW0vcLWiPGcq^Pl?@Xr43a?@G(a!>lS2UDo=?E@xUlOX0=
zHtjMQyO>N19(cR)_*ekN0TG?x(AgME7umhT)$bJTc^ox(C5$n6U7PdI5=x$@%qE*P
z>kJkYh6mk-*IL%(zFzY|*4Np`!0VSlU3jgOjpL)*q&WDt938P=%#$hkAZDm_D<995
z#qNi4#*o3(VMX})$0P@9jXsb1IdixIsLfD`Uspb+YShm#f8Q!%;C0u-$5J`z3R>l)
zx@t6>sRi(Ca6$!ZI6VE6R{8va%;Bz)%gz1fm|V6Q*(XHqWBGM5A)ANwD6uEjUKp`b
zpAIm@z&CFs9QHC5wpk|c<&Go-ZxdplH7IS|OE@BIlow1af3v=1Ywp%8F|t*Gn&?fH
zec3OwsmIgGrS!#fkM&jl!6UJx>o%eR_a{VkSE;-A1oEmZtO{z2gls+a-$+fxsM3MY
zZh2oR17ucb+~JEP0#1yM<0+0%n(UBiQXeerV;YYsv?C`Ls@iad98QQgxkhlGG_cC7
z7ry~1qkI;ERJLQc=QZ_6;x@(H3WV#eJ_s9h!VcC<T#wdvI);cp3ZzkEjk9UWkUY4h
z^cA2V^abPTm<|kwH4=gM-u^50?vjxX>+~Gmu6&bRX2<ZY)cptx5z|To=_3|_S$!YS
zDbzp%qMnmAVKzJw?MD&7A^J>F0Gnasx(MoAILOKmW77;XI0zfD%IHkESO)BC63=Pm
z5BIeqG@R?w-L^Y)m_fF-A|6`cY}k6!wt;JpVw*x<gm1nE5#*g5_V*tjhR#n3y^1BA
z^6&Z@DWi}+Ef{FFIVIEtfIR&6{`U5bBq(>wp+Y!iV>7;tT|&<R0uW4UgK1A#L9bZ0
z;n=e-M4Q8S7uLE<gTg<lU&)+KRoPJyjl!gn&3Qj-ahF*thcu%YfNYb(9mVXuCVL;O
z#)~TAmbLS-x_-rlCfFfF=|N#(Mz)Ujm>eW#`g3@rsq9LZ;fP35b@;jWoi{7#I~Cb!
z&8G(ORr++Bb5VZ$kESUwLlY;+JT>2TnNoyqI5DI*H9xHPnzF5^<rEVx32lCcb?AC)
zuDEF7;cC2@3|&o|+!uF|@idV^Z@e%i4w;FP<v|tMx*+p5CB7`4Vyqe$%N-QojLL~X
z&GoOfG-nwZ2l&BaC89svmf2Emr?a}fv04(lM9=-W)*&u2MokJihY6&_eW|t`4e2>y
zO)GnqO?eRBS~lO0xl3u9GaJ{+S0i%p>Gb{h$rbo}aEeHkJ?%yI;tWS`?pIM%`rM&w
z;pMW}>sbt@5u%pIA$Y=OjdGsR290XL2IJqD=fzyTs;4}nr>}pbG&bNWi`H05He*v>
zang!LSzpA4{oULvdA@ggM((smS7u9Ua(rH@fD@a3n|?+c)5)N2HfGN<X5T;gxtcZK
zEE5!w?FZ8@ls)yRdZDcz`r3gc@zh6!>Mfx8=pCa(7kTCqpsMkSinp-s+MJld+3M}`
zx$QfV-?g=!_0O30*rR2&v5@*74%qW`tv%<7u}d=SH|1Z;0EV#6S_TT3$3*jz8^eY<
z&nfO>Dd7k@2f4g1SxSZMe;Hc;*wo{(rB+bzP~3_E9LI-~7(zzPc;v_13cb%&Ut8r6
z(y?qxJLPo$@hv;u07U^7nYGNxHcMZJA`J!ID`8(tvp!aEP{*dUr7I)bPw8HP7;+Pe
ztuiI$m6sT^rQ+n6G})!E5F{d*+O-y`xksfQ!i^`l*PW+s5(qX}F@8^T6Xs}Ve5}W@
zcJoErjmFTps?9}diq*)9Lagkll2M?3Gh-B+9j}rZ)&9LN!|?#yVQSjavOIj|6BS0w
zc_@dm+_C-Co|f|mx#~NW#{Lsqc^xQ$F0)TutOR0bwkE*lsH`a|n}7~Q^?q8|Q+!vR
z*(2|~AEE>jehJSX`df(MF(rk5G6@Y$DNu`%sH6-bB*Drgz<Qaa$F)-4{t(#+YYwk5
z66G2j6pOO6cdFZ$%k!_zScULgS+5hD#%|lWPntBnv{l0uEC9Y}x_2W-lxB29cY0#9
z%EU%2u4G1yq2GFeb<l=$7QbeGEbK)<S4ypUB^lrC#1C&KCpwmPCDOO0U@QO+=F(k}
zQl_G#MwRwOuLo<C+zn#%fIXGrjCzGHA&F!Lw^%>=G#FYq+51#^Zav8wihyplm33EF
zW(eqMw$6X+p{-ZV`+WL1H8A=-SvZyoOrifpTv}I`b>t?i<zwE2@!@nDb~Sc=hfqhs
zVcOkPR-Rney`Gnv)X~Yb$&%@wwGAl|$|mhrZ<{`cz2wPP{Bk6N;9qq)M33UhTv|?o
z-4%EC#N@Tmx&2yykmGc4bejc?jNneLPE#2RYX4Zs{ffbJBJi^|xP2|hHD2BsqOTMi
zH^~}=Zno)~bM@`zip`pHg`~DDVm0CEu@dfAO{pnUqQ>)EhuFA7kJsv2Wbm<YQ=&*c
zM@far@~#io?zmM2nga8&Ih$hEievdsG(zaY<Mm_Op@)2aBnjqRi6!(jwW~d*)d%+>
z8*oGZaw{v=zB6Qa4P4P9$PwXK$WlnaoN$YqpjpLSEw2*FVaqe1cZ{F{%fE`OSA4tu
zp&OaWk#w4~0=l6xHJB#ndSBg%jqR)|VF#d^3=5n{RWy=+Wr#8sdf3$PAcU5GpUC7E
zZ@$cxwUvEt<2Gh-+>zne;H@u!8)I5rs#Y1Y9R_?yjSXD~vRNAWT5)??3ZH=9**_BW
zia-RLr;T|tz(ubhsfobpGZxMvkM-Oq`D3wXShK1`_Og%GoEv#Z-3CeTP~c=EV^n1+
zTv8D&8ybUUI#j+<gKz9%Yco-(KyS@Q+ag@YS9^$Vyk`o{l8?*HP0G@oJ9hd;uff=h
z%Z(*1%*+P*;Vk8p-XzyWPm0mhs=j^9F`U2NT}-ax+W&H}0D&@_E*xm^zN19|Z)o6j
z3d5I4uh&;}OG!|CTrBBqJ^0#x#>wu4mNRwz{+kZ)DQ)uNXql5Ubf)9G-sWl6hx!)c
zPkoBEBwlx)Q;k>ACGQ7!O7`?W%TNF8K3`yR|5b(5k-Ox#p056>q>c^cUTg2kdw?)u
z8)F~Eh5B3VtM%+swXKwI-jRm$Xx!6apWDmh%RTOJfCOnh2E8q3=+{i~WoJWFycLUL
zzn|sVjzu$f8a9M8@$S)kc<e#JdsX~gafqIZ74Jq9rKSz09Y9O~IlOXAX#cJXMGCM>
zvZ)n+gEOz(d)LEZB8czpv^sgUro7QpQGuN9ywz_wB1v)QHt=vs6rroSDyy$}fAtMs
z$Ne_{VD{veUMcCgX4SXH?b_jO{q<HA3ltd>>%a%G@04B{)r8&6)~2QWfVEQ=cqDRa
zK3ZaJXAd5&Nx=v!C@5G;79luvsBx${Z}hv{N4BL9X(9eiF{wJ$2V+|Y4qC!xw08?|
z@^CCoqf+k9^cXa)2CWf#={NF;C1}lcYZdc7bs<Kk73sn;7C#X$^Z7NItU$l<cJi3C
z8{PYC5n5PsM@shatjhmx;`UoNk%brm`EfeeFkAn7K@VqombTYh!p>gMuRbynO6jdr
zZUlh>#Z?|mbrsa-x?k@tESeDPx=!38ODrY~Ip}Wuk}~H~TmP_TbL(4wVu)-<N34b9
z*S+9f*SHNKkAUduUa#q?^IBPYJ$~-zH`0dGFx+*l$e{uKP7L^CSm)RaA*95D(J9*=
z4aCphTW!(D<6Ed}wI+;`yaTnRraqcx>`U~bp29!agxAsso$ObhJo7gxEsLOUi<`YY
z<L9#2aAi6AP`YOGRBW1esv5{1b=8V=4Z6EKNHnh-Uh2IFr`|0#y7t^P#~X2y<ms>0
zO{vyQSJA;>ZnG3L$sTw5F;=o~9VZl{eUs=s&~M4KG)gXUvGc3$ffuf*cxas&!MWK{
zaCW}+c3aW1Sh|gvMJ{JMZ#F*ZF5#}o&UQJyzr8~MwBoIGu5Nn?t@DoeLi0Nb8Xms4
z7;hi-kz0GO>5n?MOi?|P5hevDY+^{)sR#3rMAJ*Mx!;uDw%g)}lNyj@+>n(&g$kdO
zG0(=u#|V%!n36N!o}tApPc*GrikIqc*_{^GFYQ<LU;=q#B<r4fkL#U?+ew@N8p1_z
zyzvS#G+)y*S!_$xQ@e~+4`hX|VpP}7+@jX<n&<+InX)+Ie)s$!G`VGeU?5(Ln{5;t
znil>YkHj1Qt#s&De1JD=_7A)}{#4`a?Z`*03eJ1Ltsi&AcYQu{0K~#mHv@-vPF4c1
zRJZtR{O2b1a_jkPm&(n{4f(T8h5o}f^@1n-|6r?8LYHF*m_+*E3=cFY-8#W@T{3@w
zFj`b=ocM~b+~X*TFpk3$AHNq`YZ!i%(?Z<sWKW+gx5qw-nVKv#7+(Ox=dGWXs3d+{
zg~A`d9EkC$_kUQORVOVq^>t%iM$<f8Un@CA^mM7N)`%|a^Vh+Ucnuk3PdqhBny#sb
zQxfH_A7IT`->ElL$-{H#2AbR%S7v@;BFfvo88;EIS0&cA+!U|$!815z&)(WdP`S8*
z;<`4?NI6v)JRWxby__H=pl|vqnRfdC|M%!+noMr7VES}2r}vq`nwHo)S<%o^W2xM*
z<^WRdYyO=+UznzRRn++w>jZ2U4GTD)gVMO2+Nm%f%?hu`I*YAgi9*QIMx!f|{BAzX
zjB;gL(8{d1Lh)IFsdy}U>Qf(egZI`P2U{k#2>XV9b_!l)->W%M{FUgf5;b;w_iT{f
zGo}rSroxG$t;%h`$z=)Sr@Jpm!oZ)eOrKe=ioWV<C}kIZ_hY?Y^&fouoByBz0yiJ`
zAJ_gJqyHo|7nny1;cD(;<K%{P`3YmtA{A2yG{%7|NUG_|u-|8r=40ZAF$qAJq+v`F
z0!#w1KZ-J@4mS4QKw%ka85uAb29uP6@xmlvuuGJ5LFBDmf!xqP>XMR3FQ5UCQ-Fsb
z$cY{q8d?eP0U=->KA_R1lDwO#y^Xnqqm?}Z2)>j^xSAu-D2k8wXDb(jy~uMyx%n^4
z@0mKuA#ALy-7cHC6luC49CU#EKkHv)<bG!^9v2N-5Ky%8<&^%5VqLJUi{)?u#s0F*
z&-UES+%CD6mWw;$qU=&CY3ho&q-6i6oi0e%J!?~!-<D7^{gsD6_%56JS1$k|7k>J=
z+@u}R#~C(`RzQ%hjiZF4tIco0Wj$RR3pZ<5v_YZV7a;JzT|5FX;J^RCmy+N2|E$f+
zcOm12UYG_9<m0;leLpXLbZfuUyf6VE49o-M1z*fMFi?Q!V)*}l@$iFzFentr!^4Y4
zSpq;F-k(}9bgNMQi`HN~P;`nL$Pa@8VSH#Uv>9OB7kzT0>vE%e<c7e|CE%Y^1??rI
zwxi9(X%Bi9p|v#rh9m{h`G0k$>VF_f$VJmXt*ip%{^^HHCi&Yb|HrYCa-0bAJ(wiy
z;55q94m#AtE&nDb0{dobFp0sc35!l?)Z9m2%=4^Pzt>%ao0G1d#39gPHRXN$sQf}3
zU|e;-_=Y=D5=VT)o?;6V`~B5-cj5KxBrRjM$q|j7la(+!?}8#vlNQD8N2fINl(u&@
z$9+Yz9H>Kg{ndqsy<WU{Qi|H5fQvjuWQV?ARUWr84^uh6yB_u^7Uw8W=jF|}3keZk
z>H!)@5?T%SeLohu4^fQV7LI&i^~8IH2ofrN{0~v%H^@at4T!*BQR6qx{A*?CX&@{w
z4fYFT^8H+j{~N;8wDCdvNZ{v`1sXtrXh;8C?ixrWdfooP${=}1OC%8O<zL?XbA)GZ
zVsd!?Eb>9(g9niho<4Z+_zRsJcq>GYN?bAr&<e+79{rAS?QT5B1OmvAfyI~~6k0<Y
z0l>c1+}R9ZOry+I3^E&-Bp|r**$D6tyw=st)Wyxq1^rBXU>F3Cg+*Fb2Je3WF&4(U

literal 0
HcmV?d00001

diff --git a/DSD/qrs/images/2w_experiment.svg b/DSD/qrs/images/2w_experiment.svg
index 115e9b4..5cff0e5 100644
--- a/DSD/qrs/images/2w_experiment.svg
+++ b/DSD/qrs/images/2w_experiment.svg
@@ -2,12 +2,12 @@
 <!-- Created with Inkscape (http://www.inkscape.org/) -->
 
 <svg
-   width="609.7691mm"
-   height="247.08583mm"
-   viewBox="0 0 609.7691 247.08583"
+   width="540.15057mm"
+   height="120.66377mm"
+   viewBox="0 0 540.15057 120.66377"
    version="1.1"
    id="svg5"
-   inkscape:version="1.2.2 (1:1.2.2+202305151915+b0a8486541)"
+   inkscape:version="1.2.2 (b0a8486541, 2022-12-01)"
    sodipodi:docname="2w_experiment.svg"
    inkscape:export-filename="2w_experiment.pdf"
    inkscape:export-xdpi="175.618"
@@ -28,12 +28,12 @@
      inkscape:document-units="mm"
      showgrid="false"
      inkscape:zoom="0.5"
-     inkscape:cx="1336"
-     inkscape:cy="587"
+     inkscape:cx="1017"
+     inkscape:cy="334"
      inkscape:window-width="1920"
-     inkscape:window-height="1016"
-     inkscape:window-x="1920"
-     inkscape:window-y="27"
+     inkscape:window-height="1030"
+     inkscape:window-x="3840"
+     inkscape:window-y="26"
      inkscape:window-maximized="1"
      inkscape:current-layer="layer1" />
   <defs
@@ -42,7 +42,7 @@
      inkscape:label="Layer 1"
      inkscape:groupmode="layer"
      id="layer1"
-     transform="translate(-7.2606705,-63.577428)">
+     transform="translate(-25.925243,-96.337988)">
     <rect
        style="fill:#cccccc;stroke:none;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
        id="rect241"
@@ -213,240 +213,224 @@
        y="138.23457" />
     <text
        xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
+       style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
        x="101.00295"
-       y="134.59116"
+       y="105.39599"
        id="text649"><tspan
          sodipodi:role="line"
          id="tspan647"
-         style="stroke-width:0.0794137"
+         style="font-size:14px;stroke-width:0.0794137"
          x="101.00295"
-         y="134.59116">0</tspan></text>
+         y="105.39599">0</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
+       style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
        x="176.763"
-       y="134.59116"
+       y="105.39599"
        id="text653"><tspan
          sodipodi:role="line"
          id="tspan651"
-         style="stroke-width:0.0794137"
+         style="font-size:14px;stroke-width:0.0794137"
          x="176.763"
-         y="134.59116">4</tspan></text>
+         y="105.39599">4</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
+       style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
        x="252.67912"
-       y="134.59116"
+       y="105.39599"
        id="text707"><tspan
          sodipodi:role="line"
          id="tspan705"
-         style="stroke-width:0.0794137"
+         style="font-size:14px;stroke-width:0.0794137"
          x="252.67912"
-         y="134.59116">8</tspan></text>
+         y="105.39599">8</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
+       style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
        x="325.16156"
-       y="134.59116"
+       y="105.39599"
        id="text711"><tspan
          sodipodi:role="line"
          id="tspan709"
-         style="stroke-width:0.0794137"
+         style="font-size:14px;stroke-width:0.0794137"
          x="325.16156"
-         y="134.59116">12</tspan></text>
+         y="105.39599">12</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
+       style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
        x="400.8316"
-       y="134.59116"
+       y="105.39599"
        id="text715"><tspan
          sodipodi:role="line"
          id="tspan713"
-         style="stroke-width:0.0794137"
+         style="font-size:14px;stroke-width:0.0794137"
          x="400.8316"
-         y="134.59116">16</tspan></text>
+         y="105.39599">16</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
+       style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
        x="476.84982"
-       y="134.59116"
+       y="105.39599"
        id="text719"><tspan
          sodipodi:role="line"
          id="tspan717"
-         style="stroke-width:0.0794137"
+         style="font-size:14px;stroke-width:0.0794137"
          x="476.84982"
-         y="134.59116">20</tspan></text>
+         y="105.39599">20</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
+       style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
        x="552.4118"
-       y="134.59116"
+       y="105.39599"
        id="text723"><tspan
          sodipodi:role="line"
          id="tspan721"
-         style="stroke-width:0.0794137"
+         style="font-size:14px;stroke-width:0.0794137"
          x="552.4118"
-         y="134.59116">24</tspan></text>
+         y="105.39599">24</tspan></text>
     <path
        id="rect2057"
-       style="fill:#80b3ff;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
-       d="m 217.28525,157.87929 189.69775,0 v 7.29425 l -189.69775,0 z"
+       style="fill:#80b3ff;stroke-width:0.670833;stroke-linecap:round;stroke-linejoin:round"
+       d="m 217.59796,152.04333 h 189.39268 v 13.13021 l -189.39268,-0.0539 z"
        sodipodi:nodetypes="ccccc" />
     <text
        xml:space="preserve"
-       style="font-size:6px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
+       style="font-size:9px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
        x="296.68713"
-       y="163.61142"
+       y="162.5531"
        id="text2158"><tspan
          sodipodi:role="line"
          id="tspan2156"
-         style="font-size:6px;stroke-width:0.264583"
+         style="font-size:9px;stroke-width:0.264583"
          x="296.68713"
-         y="163.61142">Work Hours</tspan></text>
+         y="162.5531">Work Hours</tspan></text>
     <path
        id="path2160"
-       style="fill:#ffe680;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
-       d="m 482.59239,157.87929 75.9088,0.0276 v 7.29425 l -75.9088,-0.0276 z"
-       sodipodi:nodetypes="ccccc" />
+       style="fill:#ffe680;stroke-width:0.669568;stroke-linecap:round;stroke-linejoin:round"
+       d="m 480.05162,152.04333 78.4472,0.0495 v 1.44799 11.63273 l -78.4472,-0.0939 z"
+       sodipodi:nodetypes="cccccc" />
     <text
        xml:space="preserve"
-       style="font-size:6px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
+       style="font-size:9px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
        x="503.9718"
-       y="163.52922"
+       y="162.4709"
        id="text2164"><tspan
          sodipodi:role="line"
          id="tspan2162"
-         style="font-size:6px;stroke-width:0.264583"
+         style="font-size:9px;stroke-width:0.264583"
          x="503.9718"
-         y="163.52922">Maintenance</tspan></text>
+         y="162.4709">Maintenance</tspan></text>
     <path
        id="path2166"
        style="fill:#cd87de;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
-       d="m 103.9744,157.87929 113.62356,-0.0539 v 7.29425 l -113.62356,0.0539 z"
-       sodipodi:nodetypes="ccccc" />
+       d="m 103.9744,152.09723 113.62356,-0.0539 h 0.008 v 13.07631 l -113.63109,0.0539 z"
+       sodipodi:nodetypes="cccccc" />
     <path
        id="path2168"
-       style="fill:#cd87de;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
-       d="m 406.96876,157.87929 75.76936,0.0276 v 7.26864 l -75.76936,-0.002 z"
+       style="fill:#cd87de;stroke-width:0.669568;stroke-linecap:round;stroke-linejoin:round"
+       d="m 406.99064,152.04333 75.75408,0.002 v 13.03479 l -75.75588,0.0937 z"
        sodipodi:nodetypes="ccccc" />
     <text
        xml:space="preserve"
-       style="font-size:6px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
+       style="font-size:9px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
        x="154.0302"
-       y="162.95747"
+       y="161.89915"
        id="text2174"><tspan
          sodipodi:role="line"
          id="tspan2172"
-         style="font-size:6px;stroke-width:0.264583"
+         style="font-size:9px;stroke-width:0.264583"
          x="154.0302"
-         y="162.95747">Sleep</tspan></text>
+         y="161.89915">Sleep</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:6px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
+       style="font-size:9px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
        x="438.09744"
-       y="162.98541"
+       y="161.92709"
        id="text2178"><tspan
          sodipodi:role="line"
          id="tspan2176"
-         style="font-size:6px;stroke-width:0.264583"
+         style="font-size:9px;stroke-width:0.264583"
          x="438.09744"
-         y="162.98541">Sleep</tspan></text>
+         y="161.92709">Sleep</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:10px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
-       x="39.374374"
+       style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
+       x="25.745243"
        y="156.27774"
        id="text2186"><tspan
          sodipodi:role="line"
          id="tspan2184"
-         style="font-size:10px;stroke-width:0.264583"
-         x="39.374374"
+         style="font-size:12px;stroke-width:0.264583"
+         x="25.745243"
          y="156.27774">Established</tspan><tspan
          sodipodi:role="line"
-         style="font-size:10px;stroke-width:0.264583"
-         x="39.374374"
-         y="168.77774"
+         style="font-size:12px;stroke-width:0.264583"
+         x="25.745243"
+         y="171.27774"
          id="tspan2188">timetable</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:10px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
-       x="39.374374"
+       style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
+       x="25.745243"
        y="199.00177"
        id="text2194"><tspan
          sodipodi:role="line"
-         style="font-size:10px;stroke-width:0.264583"
-         x="39.374374"
+         style="font-size:12px;stroke-width:0.264583"
+         x="25.745243"
          y="199.00177"
          id="tspan2192">Rules</tspan></text>
     <path
        id="rect2306"
        style="fill:#cd87de;stroke:none;stroke-width:0.528779;stroke-linecap:round;stroke-linejoin:round"
-       d="m 103.9744,191.94177 v 11.20707 h 1.79055 v -4.91908 l 128.9885,0.27891 v 4.64017 h 1.79054 v -11.20707 h -1.79054 v 5.19799 l -128.9885,-0.27891 v -4.91908 z"
+       d="m 103.9744,191.94177 v 11.20707 h 1.79055 v -4.91908 l 110.18228,0.28486 v 4.64017 h 1.79054 v -11.20707 h -1.79054 v 5.19799 l -110.18228,-0.28486 v -4.91908 z"
        sodipodi:nodetypes="ccccccccccccc" />
     <path
        id="path2338"
        style="fill:#cd87de;stroke:none;stroke-width:0.531212;stroke-linecap:round;stroke-linejoin:round"
-       d="m 444.8677,191.94177 v 11.20707 h 1.80705 v -4.91908 l 53.20141,0.27891 v 4.64017 h 1.80705 v -11.20707 h -1.80705 v 5.19799 l -53.20141,-0.27891 v -4.91908 z"
-       sodipodi:nodetypes="ccccccccccccc" />
-    <path
-       id="path2388"
-       style="fill:#cd87de;stroke:none;stroke-width:0.491015;stroke-linecap:round;stroke-linejoin:round"
-       d="m 539.5603,191.94177 v 11.20707 h 1.54392 v -4.91908 l 15.85069,0.27891 v 4.64017 h 1.54392 v -11.20707 h -1.54392 v 5.19799 l -15.85069,-0.27891 v -4.91908 z"
+       d="m 407.12295,191.94177 v 11.20707 H 408.93 v -4.91908 l 72.13994,0.33511 v 4.64017 h 1.80705 v -11.20707 h -1.80705 v 5.19799 L 408.93,196.86085 v -4.91908 z"
        sodipodi:nodetypes="ccccccccccccc" />
     <text
        xml:space="preserve"
-       style="font-size:8px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
-       x="166.8512"
-       y="195.09633"
+       style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
+       x="157.85608"
+       y="195.06633"
        id="text2497"><tspan
          sodipodi:role="line"
          id="tspan2495"
-         style="font-size:8px;stroke-width:0.264583"
-         x="166.8512"
-         y="195.09633">1</tspan></text>
+         style="font-size:12px;stroke-width:0.264583"
+         x="157.85608"
+         y="195.06633">1</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:8px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
-       x="472.68344"
-       y="195.09633"
+       style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
+       x="441.99997"
+       y="195.06633"
        id="text2501"><tspan
          sodipodi:role="line"
          id="tspan2499"
-         style="font-size:8px;stroke-width:0.264583"
-         x="472.68344"
-         y="195.09633">1</tspan></text>
-    <text
-       xml:space="preserve"
-       style="font-size:8px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
-       x="547.44647"
-       y="195.09633"
-       id="text2505"><tspan
-         sodipodi:role="line"
-         id="tspan2503"
-         style="font-size:8px;stroke-width:0.264583"
-         x="547.44647"
-         y="195.09633">1</tspan></text>
+         style="font-size:12px;stroke-width:0.264583"
+         x="441.99997"
+         y="195.06633">1</tspan></text>
     <path
        id="path2507"
        style="fill:#ffe680;fill-opacity:1;stroke:none;stroke-width:0.531212;stroke-linecap:round;stroke-linejoin:round"
-       d="m 501.68328,191.94177 v 11.20707 h 1.80705 v -4.91908 l 34.26392,0.27891 v 4.64017 h 1.80705 v -11.20707 h -1.80705 v 5.19799 l -34.26392,-0.27891 v -4.91908 z"
+       d="m 482.87699,191.99797 v 11.20707 h 1.80705 v -4.91908 l 72.0466,-0.042 v 4.64017 h 1.80705 v -11.20707 h -1.80705 v 5.19799 l -72.0466,0.042 v -4.91908 z"
        sodipodi:nodetypes="ccccccccccccc" />
     <text
        xml:space="preserve"
-       style="font-size:8px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
-       x="518.62177"
+       style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
+       x="517.69531"
        y="195.09633"
        id="text2925"><tspan
          sodipodi:role="line"
          id="tspan2923"
-         style="font-size:8px;stroke-width:0.264583"
-         x="518.62177"
+         style="font-size:12px;stroke-width:0.264583"
+         x="517.69531"
          y="195.09633">2</tspan></text>
     <path
        id="path2927"
        style="fill:#80b3ff;fill-opacity:1;stroke:none;stroke-width:0.528779;stroke-linecap:round;stroke-linejoin:round"
-       d="m 236.54399,191.94177 v 11.20707 h 1.79054 v -4.91908 l 204.74866,0.27891 v 4.64017 h 1.79054 v -11.20707 h -1.79054 v 5.19799 l -204.74866,-0.27891 v -4.91908 z"
+       d="m 217.73777,191.94177 v 11.20707 h 1.79054 v -4.91908 l 185.8041,0.31772 v 4.64017 h 1.79054 v -11.20707 h -1.79054 v 5.19799 l -185.8041,-0.31772 v -4.91908 z"
        sodipodi:nodetypes="ccccccccccccc" />
     <text
        xml:space="preserve"
@@ -466,224 +450,107 @@
        sodipodi:nodetypes="ccccccccccccc" />
     <text
        xml:space="preserve"
-       style="font-size:8px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
-       x="338.69785"
+       style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
+       x="328.23804"
        y="209.30025"
        id="text3075"><tspan
          sodipodi:role="line"
          id="tspan3073"
-         style="font-size:8px;stroke-width:0.264583"
-         x="338.69785"
+         style="font-size:12px;stroke-width:0.264583"
+         x="328.23804"
          y="209.30025">3</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:10px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
-       x="39.374374"
-       y="245.46527"
-       id="text3079"><tspan
-         sodipodi:role="line"
-         style="font-size:10px;stroke-width:0.264583"
-         x="39.374374"
-         y="245.46527"
-         id="tspan3077">1: Device should be in &quot;sleep&quot; state.</tspan><tspan
-         sodipodi:role="line"
-         style="font-size:10px;stroke-width:0.264583"
-         x="39.374374"
-         y="257.96527"
-         id="tspan3081">2: Exactly one &quot;reboot&quot; occurence and no &quot;high&quot; occurence.</tspan><tspan
-         sodipodi:role="line"
-         style="font-size:10px;stroke-width:0.264583"
-         x="39.374374"
-         y="270.46527"
-         id="tspan3091">3: There should not be &quot;high&quot; states for more than 2m.</tspan><tspan
-         sodipodi:role="line"
-         style="font-size:10px;stroke-width:0.264583"
-         x="39.374374"
-         y="282.96527"
-         id="tspan3099">4: No &quot;reboot&quot; occurence.</tspan><tspan
-         sodipodi:role="line"
-         style="font-size:10px;stroke-width:0.264583"
-         x="39.374374"
-         y="295.46527"
-         id="tspan3085" /></text>
-    <text
-       xml:space="preserve"
-       style="font-size:8px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
-       x="338.69785"
-       y="195.06433"
+       style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
+       x="309.46637"
+       y="195.10233"
        id="text3097"><tspan
          sodipodi:role="line"
          id="tspan3095"
-         style="font-size:8px;stroke-width:0.264583"
-         x="338.69785"
-         y="195.06433">4</tspan></text>
+         style="font-size:12px;stroke-width:0.264583"
+         x="309.46637"
+         y="195.10233">4</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:10px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
-       x="39.374374"
-       y="134.27829"
+       style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
+       x="25.745243"
+       y="105.08312"
        id="text3244"><tspan
          sodipodi:role="line"
-         style="font-size:10px;stroke-width:0.264583"
-         x="39.374374"
-         y="134.27829"
-         id="tspan3242">UTC</tspan></text>
+         style="font-size:12px;stroke-width:0.264583"
+         x="25.745243"
+         y="105.08312"
+         id="tspan3242">Time</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
+       style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
        x="101.04498"
-       y="118.70661"
-       id="text3252"><tspan
-         sodipodi:role="line"
-         id="tspan3250"
-         style="stroke-width:0.0794137"
-         x="101.04498"
-         y="118.70661">4</tspan></text>
-    <text
-       xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
-       x="176.96111"
-       y="118.70661"
-       id="text3256"><tspan
-         sodipodi:role="line"
-         id="tspan3254"
-         style="stroke-width:0.0794137"
-         x="176.96111"
-         y="118.70661">8</tspan></text>
-    <text
-       xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
-       x="249.44354"
-       y="118.70661"
-       id="text3260"><tspan
-         sodipodi:role="line"
-         id="tspan3258"
-         style="stroke-width:0.0794137"
-         x="249.44354"
-         y="118.70661">12</tspan></text>
-    <text
-       xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
-       x="325.11359"
-       y="118.70661"
-       id="text3264"><tspan
-         sodipodi:role="line"
-         id="tspan3262"
-         style="stroke-width:0.0794137"
-         x="325.11359"
-         y="118.70661">16</tspan></text>
-    <text
-       xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
-       x="401.13181"
-       y="118.70661"
-       id="text3268"><tspan
-         sodipodi:role="line"
-         id="tspan3266"
-         style="stroke-width:0.0794137"
-         x="401.13181"
-         y="118.70661">20</tspan></text>
-    <text
-       xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
-       x="476.69379"
-       y="118.70661"
-       id="text3272"
-       inkscape:export-filename="text3272.pdf"
-       inkscape:export-xdpi="175.618"
-       inkscape:export-ydpi="175.618"><tspan
-         sodipodi:role="line"
-         id="tspan3270"
-         style="stroke-width:0.0794137"
-         x="476.69379"
-         y="118.70661">24</tspan></text>
-    <text
-       xml:space="preserve"
-       style="font-size:10px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
-       x="39.374374"
-       y="118.39375"
-       id="text3276"><tspan
-         sodipodi:role="line"
-         style="font-size:10px;stroke-width:0.264583"
-         x="39.374374"
-         y="118.39375"
-         id="tspan3274">EST</tspan></text>
-    <text
-       xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
-       x="555.52734"
-       y="118.62257"
-       id="text3280"><tspan
-         sodipodi:role="line"
-         id="tspan3278"
-         style="stroke-width:0.0794137"
-         x="555.52734"
-         y="118.62257">4</tspan></text>
-    <text
-       xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
-       x="101.04498"
-       y="98.001839"
+       y="126.33556"
        id="text590"><tspan
          sodipodi:role="line"
          id="tspan588"
-         style="stroke-width:0.0794137"
+         style="font-size:14px;stroke-width:0.0794137"
          x="101.04498"
-         y="98.001839">0</tspan></text>
+         y="126.33556">0</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:10px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
-       x="39.374374"
-       y="97.68898"
+       style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
+       x="25.745243"
+       y="126.0227"
        id="text614"><tspan
          sodipodi:role="line"
-         style="font-size:10px;stroke-width:0.264583"
-         x="39.374374"
-         y="97.68898"
-         id="tspan612">Compressed</tspan></text>
+         style="font-size:12px;stroke-width:0.264583"
+         x="25.745243"
+         y="126.0227"
+         id="tspan612">Compressed</tspan><tspan
+         sodipodi:role="line"
+         style="font-size:12px;stroke-width:0.264583"
+         x="25.745243"
+         y="141.02271"
+         id="tspan775">Time</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
+       style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
        x="555.52734"
-       y="98.085876"
+       y="126.41959"
        id="text421"><tspan
          sodipodi:role="line"
          id="tspan419"
-         style="stroke-width:0.0794137"
+         style="font-size:14px;stroke-width:0.0794137"
          x="555.52734"
-         y="98.085876">4</tspan></text>
+         y="126.41959">4</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
+       style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
        x="214.53951"
-       y="98.049866"
+       y="126.38358"
        id="text425"><tspan
          sodipodi:role="line"
          id="tspan423"
-         style="stroke-width:0.0794137"
+         style="font-size:14px;stroke-width:0.0794137"
          x="214.53951"
-         y="98.049866">1</tspan></text>
+         y="126.38358">1</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
+       style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
        x="327.96201"
-       y="98.07988"
+       y="126.4136"
        id="text429"><tspan
          sodipodi:role="line"
          id="tspan427"
-         style="stroke-width:0.0794137"
+         style="font-size:14px;stroke-width:0.0794137"
          x="327.96201"
-         y="98.07988">2</tspan></text>
+         y="126.4136">2</tspan></text>
     <text
        xml:space="preserve"
-       style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
+       style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
        x="441.58859"
-       y="98.001839"
+       y="126.33556"
        id="text433"><tspan
          sodipodi:role="line"
          id="tspan431"
-         style="stroke-width:0.0794137"
+         style="font-size:14px;stroke-width:0.0794137"
          x="441.58859"
-         y="98.001839">3</tspan></text>
+         y="126.33556">3</tspan></text>
   </g>
 </svg>
diff --git a/DSD/qrs/main.tex b/DSD/qrs/main.tex
index c793a48..48a9849 100644
--- a/DSD/qrs/main.tex
+++ b/DSD/qrs/main.tex
@@ -596,7 +596,7 @@ The scenario comprises 4 phases:
 \begin{figure}
 \centering
 \includegraphics[width=0.49\textwidth]{images/2w_experiment.pdf}
-\caption{Overview of the scenario and rules for the Second case study.}
+\caption{Overview of the scenario and rules for the second case study.}
 \label{fig:2w_experiment}
 \end{figure}
 
@@ -622,25 +622,21 @@ The rules are formaly defined using the \gls{stl} syntax which is bespoke for de
 
 \begin{table*}
     \centering
-    \begin{tabular}{p{0.03\textwidth} | p{0.20\textwidth} | p{0.47\textwidth} | p{0.20\textwidth}}
+    \begin{tabular}{p{0.03\textwidth} | p{0.25\textwidth} | p{0.37\textwidth} | p{0.25\textwidth}}
         Rule & Description & STL Formula & Threat\\
         \toprule
-        1 & "SLEEP" state only & $R_1 := \square_{[0,1h]\cup [2h40,3h20]}(SLEEP=1)$ & Machine takeover, Botnet, Rogue Employee\\
-        2 & Exactly one occurence of "REBOOT" & $R_2 := \lozenge(REBOOT_{[t]}=1) \cup (\neg \square_{[,2h40]}(REBOOT=1)$ & \gls{apt}, Backdoors\\
-        3 & No "HIGH" state for more than 30s. & $R_3 :=  \square (HIGH_{[t_0]}=1 \rightarrow \lozenge_{[t_0,t_0+30s]}(HIGH_{[t]}=0))$ & CryptoMining Malware, Ransomware, BotNet\\
-        4 & No "REBOOT" occurence. & $R_4 := \neg \square_{[1h,2h40]}(REBOOT_{[t]}=1)$ & Malware Installation\\
+        1 & "SLEEP" state only & $R_1 := \square_{[0,1h]\cup [2h40,3h20]}(s[t]=0)$ & Machine takeover, Botnet\cite{mitre_botnet}, Rogue Employee\\
+        2 & Exactly one occurence of "REBOOT" & $R_2 := \lozenge(s[t]=3) \cup (\neg \square_{[,2h40]}(s[t]=3)$ & \gls{apt}\cite{mitre_prevent}, Backdoors\\
+        3 & No "HIGH" state for more than 30s. & $R_3 :=  \square (s[t_0]=2 \rightarrow \lozenge_{[t_0,t_0+30s]}(s[t]=2))$ & CryptoMining Malware \cite{mitre_crypto}, Ransomware\cite{mitre_ransomware}, BotNet\cite{mitre_botnet}\\
+        4 & No "REBOOT" occurence. & $R_4 := \neg \square_{[1h,2h40]}(s[t]=3)$ & Malware Installation\\
         \bottomrule
     \end{tabular}
-    \caption{Characteristics of the machines in the evaluation dataset.}
+    \caption{Security rules applied to the detected states of the machine. $s[t]$ represent the label at time $t$.}
     \label{tab:rules}
 \end{table*}
-\agd{add MITRE references for each threat}
-\agd{fix stl formulas to use labels and not states name}
 
 
 
-\subsection{Dataset}
-
 \subsection{Results}
 
 \section{Discussion}\label{sec:discussion}