L. Anthony and T. Cox, What's wrong with risk matrices, Apache HTTP Server, vol.28, pp.497-512, 2008.

, The Linux Audit Project, 2019.

A. M. Azab, P. Ning, J. Shah, Q. Chen, R. Bhutkar et al., Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS '14), pp.90-102, 2014.

I. Balepin, S. Maltsev, J. Rowe, and K. Levitt, Using Specification-Based Intrusion Detection for Automated Response, Recent Advances in Intrusion Detection, pp.136-154, 2003.

S. Barnum, Standardizing cyber threat intelligence information with the Structured Threat Information eXpression (STIX), 2014.

X. Chen, J. Andersen, Z. M. Mao, M. Bailey, and J. Nazario, Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware, 38th IEEE/IFIP International Conference On Dependable Systems and Networks, pp.177-186, 2008.

R. Chevalier, M. Villatel, D. Plaquin, and G. Hiet, Co-processor-based Behavior Monitoring: Application to the Detection of Attacks Against the System Management Mode, Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC'17), pp.399-411, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01634566

J. Corbet, Seccomp and sandboxing. LWN, 2009.

E. Cozzi, M. Graziano, Y. Fratantonio, and D. Balzarotti, Understanding Linux Malware, Proceedings of the 2018 IEEE Symposium on Security and Privacy (SP '18, pp.161-175, 2018.

, CRIU, 2018.

L. Cryptodrop, CryptoDrop, 2019.

Y. Deng, R. Sadiq, W. Jiang, and S. Tesfamariam, Risk analysis in a linguistic environment: a fuzzy evidential reasoning-based approach, Expert Systems with Applications, vol.38, pp.15438-15446, 2011.

. Dr and . Web, Linux.Encoder.1, 2015.

. Dr and . Web, Linux.Rex.1, 2016.

. Dr and . Web, , 2018.

, Eclipse Foundation. 2019. Mosquitto. Retrieved, 2019.

B. Foo, Y. Wu, Y. Mao, S. Bagchi, and E. H. Spafford, ADEPTS: Adaptive Intrusion Response Using Attack Graphs in an E-Commerce Environment, Proceedings of the International Conference on Dependable Systems and Networks (DSN '05, pp.508-517, 2005.

, Gitea, 2019.

I. Github, GitHub, 2019.

A. Goel, K. Po, K. Farhadi, Z. Li, and . Lara, The Taser Intrusion Recovery System, Proceedings of the 20th ACM Symposium on Operating Systems Principles (SOSP '05, pp.163-176, 2005.

T. Heo, Control Group v2, 2015.

D. Hodson, Remote LD_PRELOAD Exploitation, 2017.

. Hp-inc, HP Sure Start: Automatic Firmware Intrusion Detection and Repair, 2019.

F. Hsu, H. Chen, T. Ristenpart, J. Li, and Z. Su, Back to the Future: A Framework for Automatic Malware Removal and System Repair, Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC '06, pp.257-268, 2006.

Z. Huang, M. Dangelo, D. Miyani, and D. Lie, Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response, Proceedings of the 2016 IEEE Symposium on Security and Privacy, pp.618-635, 2016.

M. Jahoda, I. Gkioka, R. Krátký, M. Prpi?, T. ?apek et al., System Auditing, Red Hat Enterprise Linux 7 Security Guide, pp.185-204, 2017.

J. Katcher, Postmark: A new file system benchmark, Network Appliance, 1997.

M. Kerrisk, Namespaces in operation, part 1: namespaces overview. LWN, 2013.

A. Kharraz, W. Robertson, D. Balzarotti, L. Bilge, and E. Kirda, Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks, International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp.3-24, 2015.

N. Kheir, H. Debar, N. Cuppens-boulahia, F. Cuppens, and J. Viinikka, Cost Evaluation for Intrusion Response Using Dependency Graphs, International Conference on Network and Service Security, 2009.

T. Kim, X. Wang, N. Zeldovich, and M. Frans-kaashoek, Intrusion Recovery Using Selective Re-execution, Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation (OSDI'10). USENIX Association, pp.89-104, 2010.

Y. Kim, R. Daly, J. Kim, C. Fallin, J. H. Lee et al., Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors, Proceeding of the 41st Annual International Symposium on Computer Architecture (ISCA '14), pp.361-372, 2014.

I. Kirillov, D. Beck, P. Chase, and R. Martin, Malware Attribute Enumeration and Characterization, 2011.

C. John, E. A. Knight, K. J. Strunk, and . Sullivan, Towards a rigorous definition of information system survivability, Proceedings of the 3rd DARPA Information Survivability Conference and Exposition, vol.1, pp.78-89, 2003.

P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss et al., Spectre Attacks: Exploiting Speculative Execution, 40th IEEE Symposium on Security and Privacy (S&P'19), 2019.

N. Kshetri, The simple economics of cybercrimes, IEEE Security & Privacy, vol.4, issue.1, pp.33-39, 2006.

M. Larabel and M. Tippett, Phoronix Test Suite, 2019.

M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas et al., Meltdown: Reading Kernel Memory from User Space, 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, pp.973-990, 2018.

R. , T. Marler, and J. S. Arora, Survey of multi-objective optimization methods for engineering. Structural and Multidisciplinary Optimization, vol.26, pp.369-395, 2004.

C. Mason, Compilebench, 2008.

. Microsoft, Windows Integrity Mechanism Design, 2017.

. Microsoft, Job Objects, 2018.

. Microsoft, Protect important folders with controlled folder access, 2018.

. Microsoft, Restricted Tokens, 2018.

. Mitre, Malware Capabilities, 2014.

. Mitre, Encyclopedia of Malware Attributes, 2019.

A. Motzek, G. Gonzalez-granadillo, H. Debar, J. Garcia-alfaro, and R. Möller, Selection of Pareto-efficient response plans based on financial and operational assessments, EURASIP Journal on Information Security, p.12, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01649965

R. Nigam, Unit 42 Finds New Mirai and Gafgyt IoT/Linux Botnet Campaigns, 2018.

R. Nsa and . Hat, SELinux, 2019.

R. Paleari, L. Martignoni, G. Fresi-roglia, and D. Bruschi, A Fistful of Red-pills: How to Automatically Generate Procedures to Detect CPU Emulators, Proceedings of the 3rd USENIX Conference on Offensive Technologies (WOOT'09). USENIX Association, p.7, 2009.

O. Rodeh, J. Bacik, and C. Mason, BTRFS: The Linux B-tree Filesystem, ACM Transactions on Storage (TOS), vol.9, 2013.

. Xiaoyu-ruan, Boot with Integrity, or Don't Boot, Platform Embedded Security Technology Revealed: Safeguarding the Future of Computing with Intel Embedded Security and Management Engine, vol.6, pp.143-163, 2014.

M. E. Russinovich, D. A. Solomon, and A. Ionescu, Windows Internals, 2012.

M. Seaborn and T. Dullien, Exploiting the DRAM rowhammer bug to gain kernel privileges, 2015.

T. Senart, Vegeta, 2019.

A. Shameli-sendi, H. Louafi, W. He, and M. Cheriet, Dynamic Optimal Countermeasure Selection for Intrusion Response System, IEEE Transactions on Dependable and Secure Computing, vol.15, pp.755-770, 2018.

C. Song, B. Lee, K. Lu, W. R. Harris, T. Kim et al., Enforcing Kernel Security Invariants with Data Flow Integrity, Proceedings of the 2016 Annual Network and Distributed System Security Symposium (NDSS '16), 2016.

, systemd System and Service Manager, 2019.

K. Szurek, Gitea 1.4.0 Unauthenticated Remote Code Execution, 2018.

T. Toth and C. Kruegel, Evaluating the Impact of Automated Intrusion Response Mechanisms, Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC '02), 2002.

, Cryptocurrency Miner Distributed via PHP Weathermap Vulnerability, Targets Linux Servers. Retrieved, 2018.

. Uefi-forum, Unified Extensible Firmware Interface Specification, 2019.

S. Vermeulen, Handling SELinux-aware Applications, SELinux Cookbook, p.10, 2014.

A. Webster, R. Eckenrod, and J. Purtilo, Fast and Servicepreserving Recovery from Malware Infections Using CRIU, Proceedings of the 27th USENIX Security Symposium. USENIX Association, pp.1199-1211, 2018.

E. Wheeler, Risky Business, Security risk management: Building an information security risk management program from the Ground Up, vol.2, pp.37-40, 2011.

R. Wheeler, fs-mark, 2016.

X. Xiong, X. Jia, and P. Liu, SHELF: Preserving Business Continuity and Availability in an Intrusion Recovery System, Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC '09), pp.484-493, 2009.

J. Yao and V. J. Zimmer, A Tour Beyond BIOS Supporting an SMM Resource Monitor using the EFI Developer Kit II, 2015.

J. Yao and V. J. Zimmer, A Tour Beyond BIOS -Memory Protection in UEFI BIOS, 2017.