grizzly/deneir
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update

Browse source
This commit is contained in:
Arthur Grisel-Davy 2023-07-14 00:02:52 -04:00
parent dda69366e0
commit 5f2cb74c7b
4 changed files with 169 additions and 288 deletions
Download patch file Download diff file Expand all files Collapse all files

20
DSD/qrs/biblio.bib
View file

@ -610,7 +610,25 @@ series = {CoDS COMAD 2020}
}
@misc{sleep_states,
title={Sleep States Description: },
title={Sleep States Description},
url={https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/system-sleeping-states},
year={2023},
}
@misc{mitre_crypto,
title={Mitre ATT\&CK - T1496 Resource Hijacking},
url = {https://attack.mitre.org/versions/v13/techniques/T1496/},
}
@misc{mitre_botnet,
title={Mitre ATT\&CK - T1583.005 Acquire Infrastructure: Botnet},
url = {https://attack.mitre.org/versions/v13/techniques/T1583/005/},
}
@misc{mitre_prevent,
title={Mitre ATT\&CK - T1562.001 Impair Defenses: Disable or Modify Tools},
url = {https://attack.mitre.org/versions/v13/techniques/T1562/001/},
}
@misc{mitre_ransomware,
title={Mitre ATT\&CK - T1486 Data Encrypted for Impact},
url = {https://attack.mitre.org/versions/v13/techniques/T1486/},
}

BIN
DSD/qrs/images/2w_experiment.pdf Normal file
View file

Binary file not shown.

419
DSD/qrs/images/2w_experiment.svg
View file

@ -2,12 +2,12 @@
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
width="609.7691mm"
height="247.08583mm"
viewBox="0 0 609.7691 247.08583"
width="540.15057mm"
height="120.66377mm"
viewBox="0 0 540.15057 120.66377"
version="1.1"
id="svg5"
inkscape:version="1.2.2 (1:1.2.2+202305151915+b0a8486541)"
inkscape:version="1.2.2 (b0a8486541, 2022-12-01)"
sodipodi:docname="2w_experiment.svg"
inkscape:export-filename="2w_experiment.pdf"
inkscape:export-xdpi="175.618"
@ -28,12 +28,12 @@
inkscape:document-units="mm"
showgrid="false"
inkscape:zoom="0.5"
inkscape:cx="1336"
inkscape:cy="587"
inkscape:cx="1017"
inkscape:cy="334"
inkscape:window-width="1920"
inkscape:window-height="1016"
inkscape:window-x="1920"
inkscape:window-y="27"
inkscape:window-height="1030"
inkscape:window-x="3840"
inkscape:window-y="26"
inkscape:window-maximized="1"
inkscape:current-layer="layer1" />
<defs
@ -42,7 +42,7 @@
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1"
transform="translate(-7.2606705,-63.577428)">
transform="translate(-25.925243,-96.337988)">
<rect
style="fill:#cccccc;stroke:none;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
id="rect241"
@ -213,240 +213,224 @@
y="138.23457" />
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="101.00295"
y="134.59116"
y="105.39599"
id="text649"><tspan
sodipodi:role="line"
id="tspan647"
style="stroke-width:0.0794137"
style="font-size:14px;stroke-width:0.0794137"
x="101.00295"
y="134.59116">0</tspan></text>
y="105.39599">0</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="176.763"
y="134.59116"
y="105.39599"
id="text653"><tspan
sodipodi:role="line"
id="tspan651"
style="stroke-width:0.0794137"
style="font-size:14px;stroke-width:0.0794137"
x="176.763"
y="134.59116">4</tspan></text>
y="105.39599">4</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="252.67912"
y="134.59116"
y="105.39599"
id="text707"><tspan
sodipodi:role="line"
id="tspan705"
style="stroke-width:0.0794137"
style="font-size:14px;stroke-width:0.0794137"
x="252.67912"
y="134.59116">8</tspan></text>
y="105.39599">8</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="325.16156"
y="134.59116"
y="105.39599"
id="text711"><tspan
sodipodi:role="line"
id="tspan709"
style="stroke-width:0.0794137"
style="font-size:14px;stroke-width:0.0794137"
x="325.16156"
y="134.59116">12</tspan></text>
y="105.39599">12</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="400.8316"
y="134.59116"
y="105.39599"
id="text715"><tspan
sodipodi:role="line"
id="tspan713"
style="stroke-width:0.0794137"
style="font-size:14px;stroke-width:0.0794137"
x="400.8316"
y="134.59116">16</tspan></text>
y="105.39599">16</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="476.84982"
y="134.59116"
y="105.39599"
id="text719"><tspan
sodipodi:role="line"
id="tspan717"
style="stroke-width:0.0794137"
style="font-size:14px;stroke-width:0.0794137"
x="476.84982"
y="134.59116">20</tspan></text>
y="105.39599">20</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="552.4118"
y="134.59116"
y="105.39599"
id="text723"><tspan
sodipodi:role="line"
id="tspan721"
style="stroke-width:0.0794137"
style="font-size:14px;stroke-width:0.0794137"
x="552.4118"
y="134.59116">24</tspan></text>
y="105.39599">24</tspan></text>
<path
id="rect2057"
style="fill:#80b3ff;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
d="m 217.28525,157.87929 189.69775,0 v 7.29425 l -189.69775,0 z"
style="fill:#80b3ff;stroke-width:0.670833;stroke-linecap:round;stroke-linejoin:round"
d="m 217.59796,152.04333 h 189.39268 v 13.13021 l -189.39268,-0.0539 z"
sodipodi:nodetypes="ccccc" />
<text
xml:space="preserve"
style="font-size:6px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
style="font-size:9px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="296.68713"
y="163.61142"
y="162.5531"
id="text2158"><tspan
sodipodi:role="line"
id="tspan2156"
style="font-size:6px;stroke-width:0.264583"
style="font-size:9px;stroke-width:0.264583"
x="296.68713"
y="163.61142">Work Hours</tspan></text>
y="162.5531">Work Hours</tspan></text>
<path
id="path2160"
style="fill:#ffe680;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
d="m 482.59239,157.87929 75.9088,0.0276 v 7.29425 l -75.9088,-0.0276 z"
sodipodi:nodetypes="ccccc" />
style="fill:#ffe680;stroke-width:0.669568;stroke-linecap:round;stroke-linejoin:round"
d="m 480.05162,152.04333 78.4472,0.0495 v 1.44799 11.63273 l -78.4472,-0.0939 z"
sodipodi:nodetypes="cccccc" />
<text
xml:space="preserve"
style="font-size:6px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
style="font-size:9px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="503.9718"
y="163.52922"
y="162.4709"
id="text2164"><tspan
sodipodi:role="line"
id="tspan2162"
style="font-size:6px;stroke-width:0.264583"
style="font-size:9px;stroke-width:0.264583"
x="503.9718"
y="163.52922">Maintenance</tspan></text>
y="162.4709">Maintenance</tspan></text>
<path
id="path2166"
style="fill:#cd87de;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
d="m 103.9744,157.87929 113.62356,-0.0539 v 7.29425 l -113.62356,0.0539 z"
sodipodi:nodetypes="ccccc" />
d="m 103.9744,152.09723 113.62356,-0.0539 h 0.008 v 13.07631 l -113.63109,0.0539 z"
sodipodi:nodetypes="cccccc" />
<path
id="path2168"
style="fill:#cd87de;stroke-width:0.499999;stroke-linecap:round;stroke-linejoin:round"
d="m 406.96876,157.87929 75.76936,0.0276 v 7.26864 l -75.76936,-0.002 z"
style="fill:#cd87de;stroke-width:0.669568;stroke-linecap:round;stroke-linejoin:round"
d="m 406.99064,152.04333 75.75408,0.002 v 13.03479 l -75.75588,0.0937 z"
sodipodi:nodetypes="ccccc" />
<text
xml:space="preserve"
style="font-size:6px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
style="font-size:9px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="154.0302"
y="162.95747"
y="161.89915"
id="text2174"><tspan
sodipodi:role="line"
id="tspan2172"
style="font-size:6px;stroke-width:0.264583"
style="font-size:9px;stroke-width:0.264583"
x="154.0302"
y="162.95747">Sleep</tspan></text>
y="161.89915">Sleep</tspan></text>
<text
xml:space="preserve"
style="font-size:6px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
style="font-size:9px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="438.09744"
y="162.98541"
y="161.92709"
id="text2178"><tspan
sodipodi:role="line"
id="tspan2176"
style="font-size:6px;stroke-width:0.264583"
style="font-size:9px;stroke-width:0.264583"
x="438.09744"
y="162.98541">Sleep</tspan></text>
y="161.92709">Sleep</tspan></text>
<text
xml:space="preserve"
style="font-size:10px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="39.374374"
style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="25.745243"
y="156.27774"
id="text2186"><tspan
sodipodi:role="line"
id="tspan2184"
style="font-size:10px;stroke-width:0.264583"
x="39.374374"
style="font-size:12px;stroke-width:0.264583"
x="25.745243"
y="156.27774">Established</tspan><tspan
sodipodi:role="line"
style="font-size:10px;stroke-width:0.264583"
x="39.374374"
y="168.77774"
style="font-size:12px;stroke-width:0.264583"
x="25.745243"
y="171.27774"
id="tspan2188">timetable</tspan></text>
<text
xml:space="preserve"
style="font-size:10px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="39.374374"
style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="25.745243"
y="199.00177"
id="text2194"><tspan
sodipodi:role="line"
style="font-size:10px;stroke-width:0.264583"
x="39.374374"
style="font-size:12px;stroke-width:0.264583"
x="25.745243"
y="199.00177"
id="tspan2192">Rules</tspan></text>
<path
id="rect2306"
style="fill:#cd87de;stroke:none;stroke-width:0.528779;stroke-linecap:round;stroke-linejoin:round"
d="m 103.9744,191.94177 v 11.20707 h 1.79055 v -4.91908 l 128.9885,0.27891 v 4.64017 h 1.79054 v -11.20707 h -1.79054 v 5.19799 l -128.9885,-0.27891 v -4.91908 z"
d="m 103.9744,191.94177 v 11.20707 h 1.79055 v -4.91908 l 110.18228,0.28486 v 4.64017 h 1.79054 v -11.20707 h -1.79054 v 5.19799 l -110.18228,-0.28486 v -4.91908 z"
sodipodi:nodetypes="ccccccccccccc" />
<path
id="path2338"
style="fill:#cd87de;stroke:none;stroke-width:0.531212;stroke-linecap:round;stroke-linejoin:round"
d="m 444.8677,191.94177 v 11.20707 h 1.80705 v -4.91908 l 53.20141,0.27891 v 4.64017 h 1.80705 v -11.20707 h -1.80705 v 5.19799 l -53.20141,-0.27891 v -4.91908 z"
sodipodi:nodetypes="ccccccccccccc" />
<path
id="path2388"
style="fill:#cd87de;stroke:none;stroke-width:0.491015;stroke-linecap:round;stroke-linejoin:round"
d="m 539.5603,191.94177 v 11.20707 h 1.54392 v -4.91908 l 15.85069,0.27891 v 4.64017 h 1.54392 v -11.20707 h -1.54392 v 5.19799 l -15.85069,-0.27891 v -4.91908 z"
d="m 407.12295,191.94177 v 11.20707 H 408.93 v -4.91908 l 72.13994,0.33511 v 4.64017 h 1.80705 v -11.20707 h -1.80705 v 5.19799 L 408.93,196.86085 v -4.91908 z"
sodipodi:nodetypes="ccccccccccccc" />
<text
xml:space="preserve"
style="font-size:8px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="166.8512"
y="195.09633"
style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="157.85608"
y="195.06633"
id="text2497"><tspan
sodipodi:role="line"
id="tspan2495"
style="font-size:8px;stroke-width:0.264583"
x="166.8512"
y="195.09633">1</tspan></text>
style="font-size:12px;stroke-width:0.264583"
x="157.85608"
y="195.06633">1</tspan></text>
<text
xml:space="preserve"
style="font-size:8px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="472.68344"
y="195.09633"
style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="441.99997"
y="195.06633"
id="text2501"><tspan
sodipodi:role="line"
id="tspan2499"
style="font-size:8px;stroke-width:0.264583"
x="472.68344"
y="195.09633">1</tspan></text>
<text
xml:space="preserve"
style="font-size:8px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="547.44647"
y="195.09633"
id="text2505"><tspan
sodipodi:role="line"
id="tspan2503"
style="font-size:8px;stroke-width:0.264583"
x="547.44647"
y="195.09633">1</tspan></text>
style="font-size:12px;stroke-width:0.264583"
x="441.99997"
y="195.06633">1</tspan></text>
<path
id="path2507"
style="fill:#ffe680;fill-opacity:1;stroke:none;stroke-width:0.531212;stroke-linecap:round;stroke-linejoin:round"
d="m 501.68328,191.94177 v 11.20707 h 1.80705 v -4.91908 l 34.26392,0.27891 v 4.64017 h 1.80705 v -11.20707 h -1.80705 v 5.19799 l -34.26392,-0.27891 v -4.91908 z"
d="m 482.87699,191.99797 v 11.20707 h 1.80705 v -4.91908 l 72.0466,-0.042 v 4.64017 h 1.80705 v -11.20707 h -1.80705 v 5.19799 l -72.0466,0.042 v -4.91908 z"
sodipodi:nodetypes="ccccccccccccc" />
<text
xml:space="preserve"
style="font-size:8px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="518.62177"
style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="517.69531"
y="195.09633"
id="text2925"><tspan
sodipodi:role="line"
id="tspan2923"
style="font-size:8px;stroke-width:0.264583"
x="518.62177"
style="font-size:12px;stroke-width:0.264583"
x="517.69531"
y="195.09633">2</tspan></text>
<path
id="path2927"
style="fill:#80b3ff;fill-opacity:1;stroke:none;stroke-width:0.528779;stroke-linecap:round;stroke-linejoin:round"
d="m 236.54399,191.94177 v 11.20707 h 1.79054 v -4.91908 l 204.74866,0.27891 v 4.64017 h 1.79054 v -11.20707 h -1.79054 v 5.19799 l -204.74866,-0.27891 v -4.91908 z"
d="m 217.73777,191.94177 v 11.20707 h 1.79054 v -4.91908 l 185.8041,0.31772 v 4.64017 h 1.79054 v -11.20707 h -1.79054 v 5.19799 l -185.8041,-0.31772 v -4.91908 z"
sodipodi:nodetypes="ccccccccccccc" />
<text
xml:space="preserve"
@ -466,224 +450,107 @@
sodipodi:nodetypes="ccccccccccccc" />
<text
xml:space="preserve"
style="font-size:8px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="338.69785"
style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="328.23804"
y="209.30025"
id="text3075"><tspan
sodipodi:role="line"
id="tspan3073"
style="font-size:8px;stroke-width:0.264583"
x="338.69785"
style="font-size:12px;stroke-width:0.264583"
x="328.23804"
y="209.30025">3</tspan></text>
<text
xml:space="preserve"
style="font-size:10px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="39.374374"
y="245.46527"
id="text3079"><tspan
sodipodi:role="line"
style="font-size:10px;stroke-width:0.264583"
x="39.374374"
y="245.46527"
id="tspan3077">1: Device should be in &quot;sleep&quot; state.</tspan><tspan
sodipodi:role="line"
style="font-size:10px;stroke-width:0.264583"
x="39.374374"
y="257.96527"
id="tspan3081">2: Exactly one &quot;reboot&quot; occurence and no &quot;high&quot; occurence.</tspan><tspan
sodipodi:role="line"
style="font-size:10px;stroke-width:0.264583"
x="39.374374"
y="270.46527"
id="tspan3091">3: There should not be &quot;high&quot; states for more than 2m.</tspan><tspan
sodipodi:role="line"
style="font-size:10px;stroke-width:0.264583"
x="39.374374"
y="282.96527"
id="tspan3099">4: No &quot;reboot&quot; occurence.</tspan><tspan
sodipodi:role="line"
style="font-size:10px;stroke-width:0.264583"
x="39.374374"
y="295.46527"
id="tspan3085" /></text>
<text
xml:space="preserve"
style="font-size:8px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="338.69785"
y="195.06433"
style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="309.46637"
y="195.10233"
id="text3097"><tspan
sodipodi:role="line"
id="tspan3095"
style="font-size:8px;stroke-width:0.264583"
x="338.69785"
y="195.06433">4</tspan></text>
style="font-size:12px;stroke-width:0.264583"
x="309.46637"
y="195.10233">4</tspan></text>
<text
xml:space="preserve"
style="font-size:10px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="39.374374"
y="134.27829"
style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="25.745243"
y="105.08312"
id="text3244"><tspan
sodipodi:role="line"
style="font-size:10px;stroke-width:0.264583"
x="39.374374"
y="134.27829"
id="tspan3242">UTC</tspan></text>
style="font-size:12px;stroke-width:0.264583"
x="25.745243"
y="105.08312"
id="tspan3242">Time</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="101.04498"
y="118.70661"
id="text3252"><tspan
sodipodi:role="line"
id="tspan3250"
style="stroke-width:0.0794137"
x="101.04498"
y="118.70661">4</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="176.96111"
y="118.70661"
id="text3256"><tspan
sodipodi:role="line"
id="tspan3254"
style="stroke-width:0.0794137"
x="176.96111"
y="118.70661">8</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="249.44354"
y="118.70661"
id="text3260"><tspan
sodipodi:role="line"
id="tspan3258"
style="stroke-width:0.0794137"
x="249.44354"
y="118.70661">12</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="325.11359"
y="118.70661"
id="text3264"><tspan
sodipodi:role="line"
id="tspan3262"
style="stroke-width:0.0794137"
x="325.11359"
y="118.70661">16</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="401.13181"
y="118.70661"
id="text3268"><tspan
sodipodi:role="line"
id="tspan3266"
style="stroke-width:0.0794137"
x="401.13181"
y="118.70661">20</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="476.69379"
y="118.70661"
id="text3272"
inkscape:export-filename="text3272.pdf"
inkscape:export-xdpi="175.618"
inkscape:export-ydpi="175.618"><tspan
sodipodi:role="line"
id="tspan3270"
style="stroke-width:0.0794137"
x="476.69379"
y="118.70661">24</tspan></text>
<text
xml:space="preserve"
style="font-size:10px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="39.374374"
y="118.39375"
id="text3276"><tspan
sodipodi:role="line"
style="font-size:10px;stroke-width:0.264583"
x="39.374374"
y="118.39375"
id="tspan3274">EST</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="555.52734"
y="118.62257"
id="text3280"><tspan
sodipodi:role="line"
id="tspan3278"
style="stroke-width:0.0794137"
x="555.52734"
y="118.62257">4</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="101.04498"
y="98.001839"
y="126.33556"
id="text590"><tspan
sodipodi:role="line"
id="tspan588"
style="stroke-width:0.0794137"
style="font-size:14px;stroke-width:0.0794137"
x="101.04498"
y="98.001839">0</tspan></text>
y="126.33556">0</tspan></text>
<text
xml:space="preserve"
style="font-size:10px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="39.374374"
y="97.68898"
style="font-size:12px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
x="25.745243"
y="126.0227"
id="text614"><tspan
sodipodi:role="line"
style="font-size:10px;stroke-width:0.264583"
x="39.374374"
y="97.68898"
id="tspan612">Compressed</tspan></text>
style="font-size:12px;stroke-width:0.264583"
x="25.745243"
y="126.0227"
id="tspan612">Compressed</tspan><tspan
sodipodi:role="line"
style="font-size:12px;stroke-width:0.264583"
x="25.745243"
y="141.02271"
id="tspan775">Time</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="555.52734"
y="98.085876"
y="126.41959"
id="text421"><tspan
sodipodi:role="line"
id="tspan419"
style="stroke-width:0.0794137"
style="font-size:14px;stroke-width:0.0794137"
x="555.52734"
y="98.085876">4</tspan></text>
y="126.41959">4</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="214.53951"
y="98.049866"
y="126.38358"
id="text425"><tspan
sodipodi:role="line"
id="tspan423"
style="stroke-width:0.0794137"
style="font-size:14px;stroke-width:0.0794137"
x="214.53951"
y="98.049866">1</tspan></text>
y="126.38358">1</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="327.96201"
y="98.07988"
y="126.4136"
id="text429"><tspan
sodipodi:role="line"
id="tspan427"
style="stroke-width:0.0794137"
style="font-size:14px;stroke-width:0.0794137"
x="327.96201"
y="98.07988">2</tspan></text>
y="126.4136">2</tspan></text>
<text
xml:space="preserve"
style="font-size:12.0059px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
style="font-size:14px;line-height:1.25;font-family:'STIX Two Text';-inkscape-font-specification:'STIX Two Text';letter-spacing:0px;word-spacing:0px;stroke-width:0.0794137"
x="441.58859"
y="98.001839"
y="126.33556"
id="text433"><tspan
sodipodi:role="line"
id="tspan431"
style="stroke-width:0.0794137"
style="font-size:14px;stroke-width:0.0794137"
x="441.58859"
y="98.001839">3</tspan></text>
y="126.33556">3</tspan></text>
</g>
</svg>

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 27 KiB

After

Width:  |  Height:  |  Size: 22 KiB

Before After
Before After

18
DSD/qrs/main.tex
View file

@ -596,7 +596,7 @@ The scenario comprises 4 phases:
\begin{figure}
\centering
\includegraphics[width=0.49\textwidth]{images/2w_experiment.pdf}
\caption{Overview of the scenario and rules for the Second case study.}
\caption{Overview of the scenario and rules for the second case study.}
\label{fig:2w_experiment}
\end{figure}
@ -622,25 +622,21 @@ The rules are formaly defined using the \gls{stl} syntax which is bespoke for de
\begin{table*}
\centering
\begin{tabular}{p{0.03\textwidth} | p{0.20\textwidth} | p{0.47\textwidth} | p{0.20\textwidth}}
\begin{tabular}{p{0.03\textwidth} | p{0.25\textwidth} | p{0.37\textwidth} | p{0.25\textwidth}}
Rule & Description & STL Formula & Threat\\
\toprule
1 & "SLEEP" state only & $R_1 := \square_{[0,1h]\cup [2h40,3h20]}(SLEEP=1)$ & Machine takeover, Botnet, Rogue Employee\\
2 & Exactly one occurence of "REBOOT" & $R_2 := \lozenge(REBOOT_{[t]}=1) \cup (\neg \square_{[,2h40]}(REBOOT=1)$ & \gls{apt}, Backdoors\\
3 & No "HIGH" state for more than 30s. & $R_3 := \square (HIGH_{[t_0]}=1 \rightarrow \lozenge_{[t_0,t_0+30s]}(HIGH_{[t]}=0))$ & CryptoMining Malware, Ransomware, BotNet\\
4 & No "REBOOT" occurence. & $R_4 := \neg \square_{[1h,2h40]}(REBOOT_{[t]}=1)$ & Malware Installation\\
1 & "SLEEP" state only & $R_1 := \square_{[0,1h]\cup [2h40,3h20]}(s[t]=0)$ & Machine takeover, Botnet\cite{mitre_botnet}, Rogue Employee\\
2 & Exactly one occurence of "REBOOT" & $R_2 := \lozenge(s[t]=3) \cup (\neg \square_{[,2h40]}(s[t]=3)$ & \gls{apt}\cite{mitre_prevent}, Backdoors\\
3 & No "HIGH" state for more than 30s. & $R_3 := \square (s[t_0]=2 \rightarrow \lozenge_{[t_0,t_0+30s]}(s[t]=2))$ & CryptoMining Malware \cite{mitre_crypto}, Ransomware\cite{mitre_ransomware}, BotNet\cite{mitre_botnet}\\
4 & No "REBOOT" occurence. & $R_4 := \neg \square_{[1h,2h40]}(s[t]=3)$ & Malware Installation\\
\bottomrule
\end{tabular}
\caption{Characteristics of the machines in the evaluation dataset.}
\caption{Security rules applied to the detected states of the machine. $s[t]$ represent the label at time $t$.}
\label{tab:rules}
\end{table*}
\agd{add MITRE references for each threat}
\agd{fix stl formulas to use labels and not states name}
\subsection{Dataset}
\subsection{Results}
\section{Discussion}\label{sec:discussion}