This commit is contained in:
Arthur Grisel-Davy 2023-07-14 00:02:52 -04:00
parent dda69366e0
commit 5f2cb74c7b
4 changed files with 169 additions and 288 deletions


@ -596,7 +596,7 @@ The scenario comprises 4 phases:
\begin{figure}
\centering
\includegraphics[width=0.49\textwidth]{images/2w_experiment.pdf}
\caption{Overview of the scenario and rules for the Second case study.}
\caption{Overview of the scenario and rules for the second case study.}
\label{fig:2w_experiment}
\end{figure}
@ -622,25 +622,21 @@ The rules are formaly defined using the \gls{stl} syntax which is bespoke for de
\begin{table*}
\centering
\begin{tabular}{p{0.03\textwidth} | p{0.20\textwidth} | p{0.47\textwidth} | p{0.20\textwidth}}
\begin{tabular}{p{0.03\textwidth} | p{0.25\textwidth} | p{0.37\textwidth} | p{0.25\textwidth}}
Rule & Description & STL Formula & Threat\\
\toprule
1 & "SLEEP" state only & $R_1 := \square_{[0,1h]\cup [2h40,3h20]}(SLEEP=1)$ & Machine takeover, Botnet, Rogue Employee\\
2 & Exactly one occurence of "REBOOT" & $R_2 := \lozenge(REBOOT_{[t]}=1) \cup (\neg \square_{[,2h40]}(REBOOT=1)$ & \gls{apt}, Backdoors\\
3 & No "HIGH" state for more than 30s. & $R_3 := \square (HIGH_{[t_0]}=1 \rightarrow \lozenge_{[t_0,t_0+30s]}(HIGH_{[t]}=0))$ & CryptoMining Malware, Ransomware, BotNet\\
4 & No "REBOOT" occurence. & $R_4 := \neg \square_{[1h,2h40]}(REBOOT_{[t]}=1)$ & Malware Installation\\
1 & "SLEEP" state only & $R_1 := \square_{[0,1h]\cup [2h40,3h20]}(s[t]=0)$ & Machine takeover, Botnet\cite{mitre_botnet}, Rogue Employee\\
2 & Exactly one occurence of "REBOOT" & $R_2 := \lozenge(s[t]=3) \cup (\neg \square_{[,2h40]}(s[t]=3)$ & \gls{apt}\cite{mitre_prevent}, Backdoors\\
3 & No "HIGH" state for more than 30s. & $R_3 := \square (s[t_0]=2 \rightarrow \lozenge_{[t_0,t_0+30s]}(s[t]=2))$ & CryptoMining Malware \cite{mitre_crypto}, Ransomware\cite{mitre_ransomware}, BotNet\cite{mitre_botnet}\\
4 & No "REBOOT" occurence. & $R_4 := \neg \square_{[1h,2h40]}(s[t]=3)$ & Malware Installation\\
\bottomrule
\end{tabular}
\caption{Characteristics of the machines in the evaluation dataset.}
\caption{Security rules applied to the detected states of the machine. $s[t]$ represent the label at time $t$.}
\label{tab:rules}
\end{table*}
\agd{add MITRE references for each threat}
\agd{fix stl formulas to use labels and not states name}
\subsection{Dataset}
\subsection{Results}
\section{Discussion}\label{sec:discussion}
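Review bot: The rewritten rule 3 formula in the table no longer encodes its own description: `\lozenge_{[t_0,t_0+30s]}(s[t]=2)` asks that the HIGH label reappear within 30 s, which is already true at $t_0$, whereas the removed line required HIGH to be left (`HIGH_{[t]}=0`), so the consequent should read `\lozenge_{[t_0,t_0+30s]}(s[t]\neq 2)`. Rule 2 still has an unclosed parenthesis in `(\neg \square_{[,2h40]}(s[t]=3)` and an empty lower bound in `[,2h40]`, and `\cup` is set union rather than the STL until operator, so `\mathcal{U}` (or a dedicated macro) would match the \gls{stl} syntax the text refers to; rule 4's `\neg \square_{[1h,2h40]}(s[t]=3)` only forbids a permanent REBOOT, so `\square_{[1h,2h40]}(s[t]\neq 3)` is what "No REBOOT occurence" means. Since the formulas now use numeric labels, the caption should state which label is SLEEP, HIGH and REBOOT or point to where that mapping is defined, and `represent` should be `represents`. Minor style points: the header row sits above `\toprule` (it belongs below it, followed by `\midrule`), the `|` column separators clash with booktabs, `occurence` is misspelled twice, and citations should be attached with a tie, e.g. `Botnet~\cite{mitre_botnet}`. The hunk appears to end at `\section{Discussion}`, but blank lines seem to have been dropped in rendering, so its exact extent is inferred.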