Authors: Brent Kirkpatrick
Journal: The Intrepid Publication Series (TIPS)
Abstract: Hacking produces a variety of effects on the target computer, making hacking difficult to detect. In general, humans are better at detecting hacking than machines. On a given computer, a hack is given away by two things: 1) the uncertainty principle of computing and 2) indicators of compromise.
The uncertainty principle of computing is that the addition of any new machine code can produce unexpected results on a computer. The software that was already on the machine is perturbed in some fashion by the addition of the new machine code. Possibly the particular machine, software, and hack have not been tested together.
Indicators of compromise are used to determine whether a computer has been hacked. Very little has been published on indicators of compromise, even though they are a topic of industry-wide discussion.
Here, we introduce the uncertainty principle and categorize indicators of compromise as to the type of data and type of measurement that they represent. We introduce the distributed learning paradigm. This paradigm is useful for understanding network variables, for understanding the Internet, and for debugging network algorithms.
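As an added illustration of what "categorizing indicators of compromise by type of data and type of measurement" can mean in practice, the following Python is example code written for this page, not code from the paper or its author. The two-axis taxonomy it uses (data type: hash, path, address, event; measurement: exact presence versus a count crossing a threshold) is an assumption chosen for the example and is not the paper's own categorization; the host observations, hashes and addresses are constructed values.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

Observation = Dict[str, str]
Check = Callable[[List[Observation]], bool]

# Constructed host observations standing in for an endpoint agent's report.
# Every value here is invented for the example (RFC 5737 documentation
# addresses, repeated-character "hashes").
OBSERVATIONS: List[Observation] = [
    {"kind": "process", "name": "svchost.exe", "sha256": "a" * 64,
     "path": "C:\\Windows\\System32\\svchost.exe"},
    {"kind": "process", "name": "svchost.exe", "sha256": "b" * 64,
     "path": "C:\\Users\\Public\\svchost.exe"},
    {"kind": "netconn", "dst": "198.51.100.7", "port": "443"},
    {"kind": "netconn", "dst": "203.0.113.9", "port": "8443"},
] + [{"kind": "auth", "user": "alice", "result": "fail"} for _ in range(5)] + [
    {"kind": "auth", "user": "bob", "result": "fail"},
]


@dataclass(frozen=True)
class Indicator:
    name: str
    data_type: str    # assumed taxonomy axis 1: "hash", "path", "address", "event"
    measurement: str  # assumed taxonomy axis 2: "exact" (value present) or "threshold" (count >= bound)
    check: Check


def exact(kind: str, field: str, value: str) -> Check:
    """Exact-match measurement: fires if any observation of `kind` has field == value."""
    return lambda obs: any(o.get("kind") == kind and o.get(field) == value for o in obs)


def threshold(kind: str, field: str, value: str, minimum: int) -> Check:
    """Threshold measurement: fires if at least `minimum` observations of `kind` match."""
    return lambda obs: sum(
        1 for o in obs if o.get("kind") == kind and o.get(field) == value
    ) >= minimum


def masquerading_system_binary(obs: List[Observation]) -> bool:
    """Path indicator: a process named like a Windows system binary but not in System32."""
    system_dir = "c:\\windows\\system32\\"
    return any(
        o.get("kind") == "process"
        and o.get("name") == "svchost.exe"
        and not o.get("path", "").lower().startswith(system_dir)
        for o in obs
    )


# Hypothetical indicator set; names and values are constructed for the example.
INDICATORS: List[Indicator] = [
    Indicator("known-bad file hash", "hash", "exact", exact("process", "sha256", "b" * 64)),
    Indicator("system binary name outside System32", "path", "exact", masquerading_system_binary),
    Indicator("connection to listed address", "address", "exact", exact("netconn", "dst", "203.0.113.9")),
    Indicator("unrelated listed address", "address", "exact", exact("netconn", "dst", "192.0.2.44")),
    Indicator("authentication failure burst", "event", "threshold", threshold("auth", "result", "fail", 5)),
]


def evaluate(obs: List[Observation], indicators: List[Indicator] = INDICATORS) -> List[str]:
    """Names of the indicators that fire on the observations, in definition order."""
    return [ind.name for ind in indicators if ind.check(obs)]


def summarize(obs: List[Observation], indicators: List[Indicator] = INDICATORS) -> Dict[str, Dict[str, List[str]]]:
    """Fired indicators grouped by data type, then by measurement type."""
    out: Dict[str, Dict[str, List[str]]] = {}
    for ind in indicators:
        if ind.check(obs):
            out.setdefault(ind.data_type, {}).setdefault(ind.measurement, []).append(ind.name)
    return out


if __name__ == "__main__":
    for data_type, by_measure in summarize(OBSERVATIONS).items():
        for measurement, names in by_measure.items():
            print(f"{data_type}/{measurement}: {', '.join(names)}")
```

Separating the measurement axis from the data axis is what lets a single evaluation loop treat a one-off hash hit and a burst of failed logins uniformly: both are just checks over the same observation stream, and the summary makes visible which kinds of evidence fired, which is the question an analyst asks first when deciding whether a host is compromised.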