Remarks regarding the master thesis report #2
Comments
In 3.4, I would add the opportunity to extend the MISP format (e.g. financial indicators, mobile phone) with an open source solution where a standardisation will take too much to be integrated.
In 4.1, I would add a reference to the original Bloom Filter paper and a quick state-of-the-art of the updated version including Cuckoo filters.
In 4.2, the "machine learning" part: is it worth having? Does it bring some new information to the topic or state-of-the-art?
In 5.1 and chapter 5, maybe you should clarify that the academic paper was a kind of bootstrap for your research.
Thank you very much for your remarks, I will do the modifications this afternoon.
In the future work, maybe some additional experiments for Cuckoo filters and other data structures like Roaring bitmaps: https://ai2-s2-pdfs.s3.amazonaws.com/5d37/dbcead67858f972056555745041250bb1b6a.pdf
Use-cases for using privacy-aware data structures are broader than privacy
Privacy is one of the goals of using privacy-aware data structures in information sharing. But there are also other important use-cases like:
Searching/hunting for traces of attack activity on an already compromised infrastructure. You usually don't want to connect your MISP instance to a potentially compromised infrastructure. Using a privacy-aware data structure allows getting all indicators for a MISP instance to an incident response place.
Fast lookups. Many privacy-aware data structures have fast lookup properties and can be used as an advantage for DFIR and forensic analysis.
Compact data structure. Some DFIR software is embedded and requires minimal memory usage compared to loading a full-blown list of indicators in memory.
It might be wise to expand the use-cases in the background (Chapter 2).
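
The three use-cases listed above (offline hunting, fast lookups, compact storage) as an added example that is not part of the issue thread or of the thesis code: indicators are exported into a plain Bloom filter, and only the resulting blob is used to scan logs. The class and function names, the serialisation header and the sample indicators and log lines are all assumptions constructed for illustration.

```python
import hashlib
import math
import re

class BloomFilter:
    """Bloom filter using k salted SHA-256 hashes over an m-bit array."""
    def __init__(self, m, k, bits=None):
        self.m, self.k = m, k
        self.bits = bytearray(bits) if bits is not None else bytearray((m + 7) // 8)

    @classmethod
    def for_capacity(cls, n, p):
        # Standard sizing: m = -n ln p / (ln 2)^2, k = (m / n) ln 2
        m = math.ceil(-n * math.log(p) / math.log(2) ** 2)
        return cls(m, max(1, round(m / n * math.log(2))))

    def _positions(self, item):
        data = item.strip().lower().encode()  # normalise before hashing
        for i in range(self.k):
            digest = hashlib.sha256(bytes([i]) + data).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, item):
        for pos in self._positions(item):
            self.bits[pos // 8] |= 1 << (pos % 8)

    def __contains__(self, item):
        return all(self.bits[pos // 8] >> (pos % 8) & 1 for pos in self._positions(item))

    def dump(self):  # assumed layout: m (8 bytes), k (1 byte), then the bit array
        return self.m.to_bytes(8, "big") + bytes([self.k]) + bytes(self.bits)

    @classmethod
    def load(cls, blob):
        return cls(int.from_bytes(blob[:8], "big"), blob[8], blob[9:])

# Constructed sample data: documentation IP ranges and example domains.
INDICATORS = ["198.51.100.23", "203.0.113.77", "malware.example.net", "c2.example.org"]
LOG_LINES = [
    "2024-01-01T10:00:00Z fw ALLOW src=10.0.0.5 dst=198.51.100.23 dport=443",
    "2024-01-01T10:00:02Z dns query host=10.0.0.9 name=updates.example.com",
    "2024-01-01T10:00:05Z dns query host=10.0.0.9 name=C2.example.org",
]
TOKEN = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*\.[A-Za-z0-9-]+")  # IP/hostname-like

def build_export(indicators, p=1e-6):
    """Sharing side: turn the indicator list into an opaque blob."""
    bf = BloomFilter.for_capacity(len(indicators), p)
    for indicator in indicators:
        bf.add(indicator)
    return bf.dump()

def hunt(blob, lines):
    """Incident-response side: only the blob is needed, not the indicator list."""
    bf = BloomFilter.load(blob)
    return [(n, t) for n, line in enumerate(lines, 1) for t in TOKEN.findall(line) if t in bf]
```

A hit can be a false positive at roughly the configured rate `p`, so matches are leads to confirm against the MISP instance afterwards.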