Research (Pragmatic and starting to be Academic) 07/03/13 v0.3.01

1. Malware

1.1. Indicators of Infection

1.1.1. Network Packet Analysis

1.1.1.1. Frequency Analysis

1.1.2. Security Information & Event Monitoring (SIEM) Systems

1.1.2.1. Log Analysis

1.1.2.1.1. Application

1.1.2.1.2. Audit

1.1.3. Memory Analysis

1.1.3.1. Process Tree

1.1.3.2. Process Memory

1.1.3.3. Full Dump Analysis

1.1.3.4. Process Core Crash Dump Analysis

1.1.4. File Changes

1.1.4.1. Hash-on-Execute Correlation

1.1.4.2. Periodic Validity/Version Checks

1.1.5. System Call

1.1.5.1. Frequency Analysis

1.1.5.2. Process-SysCall Correlation Analysis

1.2. Botnets

1.2.1. Relevant Papers

1.2.1.1. Botnet Detection Systems

1.2.1.1.1. Gu et al. 2006-8

1.3. Industrial Network Malware

1.3.1. Stuxnet

1.4. Rootkits

1.4.1. Zeroaccess / TDL3

1.5. Exploits / Buffer Overflows

2. Industrial Control Systems

2.1. PLC

2.2. Industrial Networks

2.2.1. Indicators of Infection

2.2.1.1. Change:

2.2.1.1.1. Binary on PLC

2.2.1.1.2. Upload/Download Logs

2.2.1.1.3. Authentication Logs

2.2.1.2. Network Packet Analysis

3. Immune Systems

3.1. Immunology

3.1.1. Components

3.1.2. Messengers

3.1.3. Mechanisms

3.1.4. Topology

3.1.5. Theories

3.1.5.1. Danger Theory

3.1.5.2. Self-Non-Self Theory (including Infectious Non-Self Theory)

3.2. Artificial Immune Systems

3.2.1. Relevant Papers

3.2.1.1. Immuno-Engineering

3.2.1.1.1. Components

3.2.1.1.2. Messengers

3.2.1.1.3. Mechanisms

3.2.1.1.4. Topology

3.2.1.2. AIS Architectures

3.2.1.2.1. AIS Anti-Malware Architectures

3.2.1.2.2. Immune Inspired Architectures

3.2.1.3. Immuno-Engineering Methodologies

3.2.1.3.1. Immune Inspired Homeostasis for Electronic Systems (Owens et al. 2007)

3.2.1.3.2. Conceptual Frameworks for AIS (Stepney et al. 2005)

3.2.1.3.3. Immuno-Engineering (Timmis et al. 2007)

3.3. Self-* Systems

3.3.1. Self-Aware Systems

3.3.1.1. Context-Aware Systems

3.3.1.1.1. Security Information & Event Monitoring (SIEM) Systems

3.3.2. Self-Adaptive Systems

3.3.3. Self-Organising Systems

3.3.3.1. Organic Networking Systems

3.3.4. Self-Healing Systems

3.4. Distributed Systems

3.4.1. Decentralised (P2P) Systems

3.4.1.1. Redundant storage

3.4.1.2. Tonika

3.4.2. Distributed Processing

3.4.2.1. Map-Reduce / Divide&Conquer

4. Self-Healing Systems

4.1. Resilient Systems

4.2. Self-Defensive Systems

4.2.1. Counter-Measures

4.2.1.1. Signature Scrambling

4.2.1.1.1. Binary Scrambling

4.2.1.1.2. Network Transmission Signature

4.2.1.2. Reorganisation

4.2.1.3. Encryption Key Change Algorithm

4.2.2. Redundancy

4.3. Self-Healing Cycle

4.3.1. Detection

4.3.1.1. Multi-stage Monitoring

4.3.1.1.1. Low Intensity

4.3.1.1.2. High Intensity

4.3.1.2. Indicators of Infection

4.3.1.3. Context-Aware Systems

4.3.2. Diagnosis

4.3.2.1. Artificial Intelligence / Data Mining / Decision Making

4.3.2.1.1. Dimensionality Reduction (offline processing)

4.3.2.1.2. Clustering

4.3.2.1.3. Classification

4.3.3. Response

4.3.3.1. Self-Defensive System

4.3.3.2. Crash Hardening by "STING" (Brumley et al. 2006-7) (process core memory dump analysis after a crash; disallow inputs that cause the crash)

4.3.3.3. Process Management

4.3.3.3.1. Kill

4.3.3.3.2. Run

4.3.3.4. Critical / Fatal Response

4.3.3.4.1. Reboot

4.3.3.4.2. Reboot & Reinstall X (X = identified failing component)

4.3.3.4.3. Shutdown (Send warning to IT Admin)

4.3.3.4.4. Reboot & System Restore

4.3.3.5. Monitoring State

4.3.3.5.1. Set Low Intensity Logging (decaying duration)

4.3.3.5.2. Set High Intensity Logging (decaying duration)

4.3.3.6. Diagnosis / Decision Making Sensitivity

4.3.3.6.1. Increase sensitivity

4.3.3.6.2. Decrease sensitivity

4.3.3.7. "Auto[..] Patch Errors in Deployed Software" "ClearView" (Perkins et al. 2009)

4.4. Fault Tolerant Systems