Open adulau opened 7 years ago
In 3.4, I would add the opportunity to extend the MISP format (e.g. financial indicators, mobile phone) with an open source solution where standardisation would take too much time to be integrated.
In 4.1, I would add a reference to the original Bloom Filter paper and a quick state-of-the-art of the updated version including Cuckoo filters.
In 4.2, the "machine learning" part: is it worth having? Does it bring any new information to the topic or the state of the art?
In 5.1 and chapter 5, maybe you should clarify that the academic paper was a kind of bootstrap for your research.
Thank you very much for your remarks, I will do the modifications this afternoon.
In the future work, maybe some additional experiments for Cuckoo filters and other data structures like Roaring bitmaps:
https://ai2-s2-pdfs.s3.amazonaws.com/5d37/dbcead67858f972056555745041250bb1b6a.pdf
Use-cases for using privacy-aware data structures are broader than privacy
Privacy is one of the goals of using privacy-aware data structures in information sharing. But there are also other important use-cases like:
Searching/hunting for traces of attack activity on an already compromised infrastructure. You usually don't want to connect your MISP instance to a potentially compromised infrastructure. Using privacy-aware data structures allows you to get all the indicators of a MISP instance to an incident response place.
Fast lookups. Many privacy-aware data structures have fast lookup properties and can be used as an advantage for DFIR and forensic analysis.
Compact data structure. Some DFIR software is embedded and requires minimal memory usage compared to loading a full-blown list of indicators in memory.
It might be wise to expand the use-cases in the background (Chapter 2).
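The offline-hunting use case from the comment above, as an added example that is not part of the original issue or the thesis: indicators are folded into a Bloom filter on the trusted side, and only the serialized bit array travels to the incident response site for lookups. The class, the 8-byte header layout, the value normalisation and the sample indicators are assumptions of this example, not MISP's export format.

```python
import hashlib
import math

class BloomFilter:
    # Layout and hashing scheme are assumptions of this example.
    def __init__(self, m_bits, k_hashes, bits=None):
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray(bits) if bits is not None else bytearray((m_bits + 7) // 8)

    @classmethod
    def for_capacity(cls, n_items, fp_rate):
        # Standard sizing: m = -n ln(p) / (ln 2)^2 and k = (m / n) ln 2
        m = math.ceil(-n_items * math.log(fp_rate) / (math.log(2) ** 2))
        return cls(m, max(1, round(m / n_items * math.log(2))))

    def _positions(self, value):
        # Double hashing: two 64-bit halves of one SHA-256 digest give k bit positions
        d = hashlib.sha256(value.strip().lower().encode()).digest()
        h1, h2 = int.from_bytes(d[:8], "big"), int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, value):
        for p in self._positions(value):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, value):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(value))

    def dump(self):
        # 6 bytes of m and 2 bytes of k, followed by the bit array
        return self.m.to_bytes(6, "big") + self.k.to_bytes(2, "big") + bytes(self.bits)

    @classmethod
    def load(cls, blob):
        return cls(int.from_bytes(blob[:6], "big"), int.from_bytes(blob[6:8], "big"), blob[8:])

# Constructed sample indicators (documentation IP range, reserved domain, MD5 of empty input)
INDICATORS = ["198.51.100.23", "evil.example.com", "d41d8cd98f00b204e9800998ecf8427e"]

def export_filter(indicators, fp_rate=0.001):
    # Runs on the trusted side, next to the indicator store
    bf = BloomFilter.for_capacity(len(indicators), fp_rate)
    for value in indicators:
        bf.add(value)
    return bf.dump()

def hunt(blob, observed):
    # Runs at the incident response site; needs only the blob, not the indicator list
    bf = BloomFilter.load(blob)
    return [o for o in observed if o in bf]
```

A hit is probabilistic, with false positives at roughly `fp_rate`, so matches still need confirming against the full indicator set on the trusted side.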