Research (Pragmatic and starting to be Academic) 07/03/13 v0.3.01

1. Immune Systems

1.1. Immunology

1.1.1. Components

1.1.2. Messengers

1.1.3. Mechanisms

1.1.4. Topology

1.1.5. Theories
  - Danger Theory
  - Self-Non-Self Theory (including Infectious Non-Self Theory)

1.2. Artificial Immune Systems

1.2.1. Relevant Papers
  - Immuno-Engineering
    - Components
    - Messengers
    - Mechanisms
    - Topology
  - AIS Architectures
    - AIS Anti-Malware Architectures
    - Immune Inspired Architectures
  - Immuno-Engineering Methodologies
    - Immune Inspired Homeostasis for Electronic Systems (Owens et al. 2007)
    - Conceptual Frameworks for AIS (Stepney et al. 2005)
    - Immuno-Engineering (Timmis et al. 2007)

1.3. Self-* Systems

1.3.1. Self-Aware Systems
  - Context-Aware Systems
  - Security Information & Event Management (SIEM) Systems

1.3.2. Self-Adaptive Systems

1.3.3. Self-Organising Systems
  - Organic Networking Systems

1.3.4. Self-Healing Systems

1.4. Distributed Systems

1.4.1. Decentralised (P2P) Systems
  - Redundant storage
  - Tonika

1.4.2. Distributed Processing
  - Map-Reduce / Divide & Conquer

2. Self-Healing Systems

2.1. Resilient Systems

2.2. Self-Defensive Systems

2.2.1. Counter-Measures
  - Signature Scrambling
  - Binary Scrambling
  - Network Transmission Signature Reorganisation
  - Encryption Key Change Algorithm

2.2.2. Redundancy

2.3. Self-Healing Cycle

2.3.1. Detection
  - Multi-stage Monitoring
    - Low Intensity
    - High Intensity
  - Indicators of Infection
  - Context-Aware Systems

2.3.2. Diagnosis
  - Artificial Intelligence / Data Mining / Decision Making
    - Dimensionality Reduction (offline processing)
    - Clustering
    - Classification

2.3.3. Response
  - Self-Defensive System
  - Crash Hardening by "STING" (Brumley et al. 2006-7): analyse the process core memory dump after a crash, then disallow the inputs that caused the crash
  - Process Management
    - Kill
    - Run
  - Critical / Fatal Response
    - Reboot
    - Reboot & Reinstall X (X = identified failing component)
    - Shutdown (send warning to IT admin)
    - Reboot & System Restore
  - Monitoring State
    - Set Low Intensity Logging (decaying duration)
    - Set High Intensity Logging (decaying duration)
  - Diagnosis / Decision Making Sensitivity
    - Increase sensitivity
    - Decrease sensitivity
  - "Auto[..] Patch Errors in Deployed Software", "ClearView" (Perkins et al. 2009)
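The detection, diagnosis and response steps of 2.3.1 to 2.3.3 form one loop, and the interesting part is the feedback: a response sets high-intensity logging for a decaying window and changes the detector's sensitivity, which in turn changes what the next detection step catches. The following is an added example (not from the original outline) that runs that loop over a constructed event stream. The sensor scores, the indicator names, the component names, the tick lengths and the threshold steps are all assumptions chosen for illustration; the rule-table diagnosis stands in for the clustering/classification stage.

```python
from dataclasses import dataclass

BASE_THRESHOLD = 0.8   # alert when an anomaly score reaches this value (least sensitive)
MIN_THRESHOLD = 0.4    # most sensitive setting the loop is allowed to reach


@dataclass
class Monitor:
    """Monitoring state: logging intensity with a decaying high-intensity window,
    plus the detector's sensitivity expressed as an alert threshold."""
    intensity: str = "low"
    high_ticks_left: int = 0
    threshold: float = BASE_THRESHOLD

    def tick(self):
        """Decay: each cycle spends one tick of the high-intensity window."""
        if self.high_ticks_left > 0:
            self.high_ticks_left -= 1
        if self.high_ticks_left == 0:
            self.intensity = "low"

    def escalate(self, ticks):
        """Set High Intensity Logging for `ticks` cycles (extends a window, never shortens it)."""
        self.intensity = "high"
        self.high_ticks_left = max(self.high_ticks_left, ticks)

    def more_sensitive(self, step):
        self.threshold = max(MIN_THRESHOLD, self.threshold - step)

    def less_sensitive(self, step=0.05):
        self.threshold = min(BASE_THRESHOLD, self.threshold + step)


def diagnose(event):
    """Diagnosis stand-in: a rule table where a classifier or clustering step would sit."""
    if event["indicator"] == "crash":
        return "fatal"
    if event["indicator"] in ("syscall_burst", "file_change", "beacon"):
        return "suspicious"
    return "benign"


def respond(diagnosis, event, mon):
    """Response: choose an action and adjust the monitoring state (assumed policy)."""
    if diagnosis == "fatal":
        mon.escalate(5)
        mon.more_sensitive(0.2)
        return f"reboot+reinstall {event['component']}"
    if diagnosis == "suspicious":
        mon.escalate(3)
        mon.more_sensitive(0.1)
        return f"kill {event['component']}"
    return "log"


def run_cycle(events, mon=None):
    """Detection -> diagnosis -> response for each event. Returns
    [(t, action, intensity, threshold)] so the loop's behaviour can be inspected."""
    if mon is None:
        mon = Monitor()
    trace = []
    for ev in events:
        mon.tick()
        if ev["score"] >= mon.threshold:        # detection
            action = respond(diagnose(ev), ev, mon)
        else:
            mon.less_sensitive()                # quiet period: relax back toward baseline
            action = "none"
        trace.append((ev["t"], action, mon.intensity, round(mon.threshold, 2)))
    return trace


# Constructed event stream from a hypothetical sensor: anomaly score in [0, 1] plus indicator type.
EVENTS = [
    {"t": 1, "score": 0.30, "indicator": "none", "component": "svc-a"},
    {"t": 2, "score": 0.90, "indicator": "syscall_burst", "component": "svc-a"},
    {"t": 3, "score": 0.75, "indicator": "beacon", "component": "svc-a"},   # below base threshold
    {"t": 4, "score": 0.20, "indicator": "none", "component": "svc-a"},
    {"t": 5, "score": 0.95, "indicator": "crash", "component": "svc-b"},
] + [{"t": t, "score": 0.10, "indicator": "none", "component": "svc-b"} for t in range(6, 12)]

if __name__ == "__main__":
    for row in run_cycle(EVENTS):
        print(row)
```

The event at t=3 scores 0.75, under the baseline threshold of 0.8, and is only caught because the response at t=2 raised sensitivity; the crash at t=5 then opens a five-tick high-intensity window, which decays back to low-intensity logging at t=10 while the threshold creeps back toward baseline. Clamping the threshold at MIN_THRESHOLD is what stops a run of alerts from driving the detector into flagging everything.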

2.4. Fault Tolerant Systems

3. Malware

3.1. Indicators of Infection

3.1.1. Network Packet Analysis
  - Frequency Analysis
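Frequency analysis of network traffic is most useful against timer-driven command-and-control: a beacon contacts its server at a fixed interval with little jitter, so the inter-arrival times of connections from one host to one destination have a low coefficient of variation, whereas user traffic is bursty. Below is an added example (not from the original outline) that computes that statistic over a constructed connection log; the flow records, addresses (documentation ranges), the 10% jitter cut-off and the minimum of five connections are all assumptions.

```python
import statistics
from collections import defaultdict

# Constructed connection log: (timestamp_seconds, src_ip, "dst_ip:port").
# 10.0.0.5 contacts 203.0.113.9:443 roughly every 60 s with little jitter,
# which is what a timer-driven C2 beacon looks like; 10.0.0.7's traffic is
# bursty user activity. Addresses are documentation ranges, not real hosts.
FLOWS = [
    (0, "10.0.0.5", "203.0.113.9:443"), (60, "10.0.0.5", "203.0.113.9:443"),
    (121, "10.0.0.5", "203.0.113.9:443"), (180, "10.0.0.5", "203.0.113.9:443"),
    (241, "10.0.0.5", "203.0.113.9:443"), (300, "10.0.0.5", "203.0.113.9:443"),
    (5, "10.0.0.7", "198.51.100.2:80"), (9, "10.0.0.7", "198.51.100.2:80"),
    (140, "10.0.0.7", "198.51.100.2:80"), (141, "10.0.0.7", "198.51.100.2:80"),
    (399, "10.0.0.7", "198.51.100.2:80"), (400, "10.0.0.7", "198.51.100.2:80"),
    (33, "10.0.0.5", "198.51.100.4:443"),
]


def beacon_scores(flows, min_connections=5):
    """For each (src, dst) pair with at least min_connections contacts, return
    (mean_interval, cv) where cv = population stdev / mean of the inter-arrival
    times. A cv near 0 means the contacts are evenly spaced in time."""
    times = defaultdict(list)
    for t, src, dst in flows:
        times[(src, dst)].append(t)
    scores = {}
    for pair, ts in times.items():
        if len(ts) < min_connections:
            continue  # too few samples to say anything about periodicity
        ts.sort()
        gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        scores[pair] = (mean, cv)
    return scores


def find_beacons(flows, max_cv=0.1, min_connections=5):
    """Flag pairs whose inter-arrival jitter is at or below max_cv (10% by default)."""
    return sorted(pair for pair, (_, cv) in beacon_scores(flows, min_connections).items()
                  if cv <= max_cv)


if __name__ == "__main__":
    for pair, (mean, cv) in beacon_scores(FLOWS).items():
        print(f"{pair}: mean interval {mean:.1f}s, cv {cv:.3f}")
    print("beacon candidates:", find_beacons(FLOWS))
```

On real data the same statistic should be computed per destination after DNS resolution and with the sleep jitter that most implants add taken into account (a cut-off of 10% catches fixed-interval beacons; randomised intervals need a looser cut-off or a distribution test).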

3.1.2. Security Information & Event Management (SIEM) Systems
  - Log Analysis
  - Application Audit

3.1.3. Memory Analysis
  - Process Tree
  - Process Memory Full Dump Analysis
  - Process Core Crash Dump Analysis

3.1.4. File Changes
  - Hash-on-Execute Correlation
  - Periodic Validity/Version Checks

3.1.5. System Call Frequency Analysis
  - Process-SysCall Correlation Analysis
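System call frequency analysis treats each process as a distribution over the syscalls it makes and compares that against a baseline learned from a known-good run; correlating calls to processes is what lets a worker that suddenly starts issuing execve and connect stand out from its siblings. The following is an added example (not from the original outline) that parses constructed `strace -f` style output, builds a per-PID syscall profile and scores each profile's total variation distance from an assumed baseline. The trace lines, PIDs, the baseline frequencies and the 0.3 threshold are all assumptions.

```python
import re
from collections import Counter

# Constructed `strace -f` style output. PIDs, arguments and return values are
# illustrative. 4101 behaves like a normal HTTP worker; 4102 handles one request
# and then spawns shells and opens an outbound connection on port 4444.
STRACE_SAMPLE = """\
4101 epoll_wait(5, [{EPOLLIN, {u32=6}}], 512, -1) = 1
4101 accept4(6, {sa_family=AF_INET, ...}, [16], SOCK_NONBLOCK) = 7
4101 recvfrom(7, "GET / HTTP/1.1\\r\\n", 1024, 0, NULL, NULL) = 16
4101 sendto(7, "HTTP/1.1 200 OK\\r\\n", 17, 0, NULL, 0) = 17
4101 close(7) = 0
4101 epoll_wait(5, [{EPOLLIN, {u32=6}}], 512, -1) = 1
4101 accept4(6, {sa_family=AF_INET, ...}, [16], SOCK_NONBLOCK) = 8
4101 recvfrom(8, "GET /x HTTP/1.1\\r\\n", 1024, 0, NULL, NULL) = 17
4101 sendto(8, "HTTP/1.1 404 NF\\r\\n", 17, 0, NULL, 0) = 17
4101 close(8) = 0
4102 epoll_wait(5, [{EPOLLIN, {u32=6}}], 512, -1) = 1
4102 accept4(6, {sa_family=AF_INET, ...}, [16], SOCK_NONBLOCK) = 7
4102 recvfrom(7, "GET /cgi HTTP/1.1\\r\\n", 1024, 0, NULL, NULL) = 19
4102 execve("/bin/sh", ["sh", "-c", "id"], ...) = 0
4102 execve("/bin/sh", ["sh", "-c", "uname"], ...) = 0
4102 connect(9, {sa_family=AF_INET, sin_port=htons(4444), ...}, 16) = 0
4102 execve("/bin/sh", ["sh", "-c", "ls"], ...) = 0
4102 sendto(9, "...", 3, 0, NULL, 0) = 3
4102 close(7) = 0
4102 close(9) = 0
"""

# Assumed baseline: relative syscall frequencies of a healthy worker, as would be
# learned offline from a known-good run (hand-written here to match PID 4101).
BASELINE = {"epoll_wait": 0.2, "accept4": 0.2, "recvfrom": 0.2, "sendto": 0.2, "close": 0.2}

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<call>[a-z_0-9]+)\(")


def syscall_counts(trace_text):
    """Process-syscall correlation: {pid: Counter(syscall -> count)}."""
    per_pid = {}
    for line in trace_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            per_pid.setdefault(int(m["pid"]), Counter())[m["call"]] += 1
    return per_pid


def normalise(counter):
    """Turn raw counts into a frequency distribution."""
    total = sum(counter.values())
    return {call: n / total for call, n in counter.items()}


def deviation(profile, baseline):
    """Total variation distance in [0, 1] between two distributions. Syscalls
    absent from the baseline (execve, connect here) contribute their whole mass."""
    calls = set(profile) | set(baseline)
    return 0.5 * sum(abs(profile.get(c, 0.0) - baseline.get(c, 0.0)) for c in calls)


def anomalous_pids(trace_text, baseline=BASELINE, threshold=0.3):
    """PIDs whose syscall mix deviates from the baseline by more than threshold,
    each with its distance and the syscalls the baseline never contained."""
    flagged = {}
    for pid, counts in syscall_counts(trace_text).items():
        d = deviation(normalise(counts), baseline)
        if d > threshold:
            flagged[pid] = (round(d, 3), sorted(c for c in counts if c not in baseline))
    return flagged


if __name__ == "__main__":
    for pid, (d, novel) in anomalous_pids(STRACE_SAMPLE).items():
        print(f"pid {pid}: distance {d}, syscalls not in baseline: {novel}")
```

Reporting the never-seen syscalls alongside the distance matters in practice: a distance of 0.4 on its own says only "different", while "execve and connect from an HTTP worker" is something an analyst can act on immediately.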

3.2. Botnets

3.2.1. Relevant Papers
  - Botnet Detection Systems (Gu et al. 2006-8)

3.3. Industrial Network Malware

3.3.1. Stuxnet

3.4. Rootkits

3.4.1. ZeroAccess / TDL3

3.5. Exploits / Buffer Overflows

4. Industrial Control Systems

4.1. PLC

4.2. Industrial Networks

4.2.1. Indicators of Infection
  - Change: Binary on PLC
  - Upload/Download Logs
  - Authentication Logs
  - Network Packet Analysis
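The file-change indicators of 3.1.4 (hash-on-execute correlation, periodic validity checks) and the "change: binary on PLC" indicator above are the same mechanism applied to different artefacts: record a known-good digest of each program image, verify a single image at the moment it is about to run or be loaded, and sweep the whole set on a schedule to catch modified, missing and newly dropped files. The following is an added example (not from the original outline, and not tied to any PLC vendor's tooling) that implements both checks over a constructed directory tree; the file names, contents and the simulated tampering are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 so large images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Snapshot the known-good state: {relative path: {sha256, size}} for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): {"sha256": sha256_file(p), "size": p.stat().st_size}
            for p in sorted(root.rglob("*")) if p.is_file()}


def check_on_execute(root, baseline, relpath):
    """Hash-on-execute: verify one file at the moment it is about to be run or loaded.
    Returns 'ok', 'modified', 'missing' or 'untracked' (not in the baseline at all)."""
    if relpath not in baseline:
        return "untracked"
    p = Path(root) / relpath
    if not p.is_file():
        return "missing"
    return "ok" if sha256_file(p) == baseline[relpath]["sha256"] else "modified"


def periodic_check(root, baseline):
    """Periodic validity check: diff the whole tree against the baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline
                           if k in current and current[k]["sha256"] != baseline[k]["sha256"]),
        "missing": sorted(k for k in baseline if k not in current),
        "new": sorted(k for k in current if k not in baseline),
    }


def demo():
    """Constructed scenario: baseline a tree, tamper with it, then run both checks."""
    with tempfile.TemporaryDirectory() as root:
        plc = Path(root) / "plc"
        binaries = Path(root) / "bin"
        plc.mkdir()
        binaries.mkdir()
        (plc / "main.bin").write_bytes(b"\x01\x02\x03 original control program image")
        (binaries / "agent").write_bytes(b"#!/bin/sh\necho agent\n")
        baseline = build_baseline(root)

        # Simulated infection: program image replaced, monitoring agent deleted, dropper added.
        (plc / "main.bin").write_bytes(b"\x01\x02\x03 replaced control program image")
        (binaries / "agent").unlink()
        (binaries / "dropper").write_bytes(b"\x7fELF constructed payload")

        on_execute = {name: check_on_execute(root, baseline, name)
                      for name in ("plc/main.bin", "bin/agent", "bin/dropper")}
        return on_execute, periodic_check(root, baseline)


if __name__ == "__main__":
    print(demo())
```

The baseline must live somewhere the monitored host cannot rewrite (a signed file, a separate host, or write-once storage); a baseline that an attacker with write access to the tree can also update detects nothing. For a PLC, the equivalent of `check_on_execute` is hashing the program image read back from the controller and comparing it against the digest recorded at the last authorised download.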