From 027f6821770171322382d947270d9269739005ae Mon Sep 17 00:00:00 2001 From: Arthur Grisel-Davy Date: Mon, 31 Jul 2023 16:12:02 -0400 Subject: [PATCH] fix some caption size --- DSD/qrs/main.tex | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/DSD/qrs/main.tex b/DSD/qrs/main.tex index 4b11337..bd4f6c9 100644 --- a/DSD/qrs/main.tex +++ b/DSD/qrs/main.tex @@ -75,7 +75,7 @@ Results of state detection with MAD enable the definition and verification of hi \section{Introduction} \gls{ids}s leverage different types of data to detect intrusions. -On one side, most solutions use labelled and actionable data, often provided by the system to protect. +On one side, most solutions use labeled and actionable data, often provided by the system to protect. This data can be the resource usage \cite{1702202}, program source code \cite{9491765} or network traffic \cite{10.1145/2940343.2940348} leveraged by an \gls{hids} or \gls{nids}. On the other side, some methods consider only information that the system did not intentionally provide. The system emits these activity by-products through physical mediums called side channels. @@ -112,8 +112,8 @@ Identifying the occurrence and position of these patterns makes the data actiona For example, a computer starting at night or rebooting multiple times in a row should raise an alert for a possible intrusion or malfunction. Rule-based \gls{ids}s using side-channel information require an accurate and practical pattern detection solution. -Many data-mining algorithms assume that training data is cheap, meaning that acquiring large --- labelled --- datasets is achievable without significant expense. -Unfortunately, collecting labelled data requires following a procedure and induces downtime for the machine, which can be expensive. +Many data-mining algorithms assume that training data is cheap, meaning that acquiring large --- labeled --- datasets is achievable without significant expense. +Unfortunately, collecting labeled data requires following a procedure and induces downtime for the machine, which can be expensive. Collecting many training samples during normal operations of the machine is more time-consuming as the machine's activity cannot be controlled. A more convenient data requirement would be a single sample of each pattern to detect. Collecting a sample is immediately possible after the installation of the measurement equipment during normal operations of the machine. @@ -152,8 +152,8 @@ To apply security policies to side-channel information, it is necessary to first The problem of identifying pre-defined patterns in unlabeled time series is referenced under various names in the literature. The terms \textit{activity segmentation} or \textit{activity detection} are the most relevant for the problem we are interested in. The state-of-the-art methods in this domain focus on human activities and leverage various sensors such as smartphones \cite{wannenburg2016physical}, cameras \cite{bodor2003vision} or wearable sensors \cite{uddin2018activity}. -These methods rely on large labelled datasets to train classification models and detect activities \cite{micucci2017unimib}. -For real-life applications, access to large labelled datasets may not be possible. +These methods rely on large labeled datasets to train classification models and detect activities \cite{micucci2017unimib}. +For real-life applications, access to large labeled datasets may not be possible. Another approach, more general than activity detection, uses \gls{cpd}. \gls{cpd} is a sub-topic of time series analysis that focuses on detecting abrupt changes in a time series \cite{truong2020selective}. It is assumed in many cases that these change points are representative of state transitions from the observed system. @@ -581,7 +581,7 @@ With both performances metrics combined, \gls{mad} outperforms the other methods \section{Case Study 2: Attack Scenarios}\label{sec:cs2} The second case study focuses on a realistic production scenario. -This case study aims to illustrate how \gls{mad} enables high abstraction level rules applications by converting the low-level power consumption signal into labelled and actionable states sequence. +This case study aims to illustrate how \gls{mad} enables high abstraction level rules applications by converting the low-level power consumption signal into labeled and actionable states sequence. \subsection{Overview} @@ -600,7 +600,7 @@ The scenario comprises four phases: \begin{figure} \centering \includegraphics[width=0.49\textwidth]{images/2w_experiment.pdf} -\caption{Overview of the scenario and rules for the second case study.} + \caption{Overview of the scenario and rules for the second case study. The rules are defined in table \ref{tab:rules}.} \label{fig:2w_experiment} \end{figure}