grizzly/deneir
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix some caption size

Browse source
This commit is contained in:
Arthur Grisel-Davy 2023-07-31 16:12:02 -04:00
parent b40b43687d
commit 027f682177
1 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

14
DSD/qrs/main.tex
View file

@ -75,7 +75,7 @@ Results of state detection with MAD enable the definition and verification of hi
\section{Introduction} \section{Introduction}
\gls{ids}s leverage different types of data to detect intrusions. \gls{ids}s leverage different types of data to detect intrusions.
On one side, most solutions use labelled and actionable data, often provided by the system to protect. On one side, most solutions use labeled and actionable data, often provided by the system to protect.
This data can be the resource usage \cite{1702202}, program source code \cite{9491765} or network traffic \cite{10.1145/2940343.2940348} leveraged by an \gls{hids} or \gls{nids}. This data can be the resource usage \cite{1702202}, program source code \cite{9491765} or network traffic \cite{10.1145/2940343.2940348} leveraged by an \gls{hids} or \gls{nids}.
On the other side, some methods consider only information that the system did not intentionally provide. On the other side, some methods consider only information that the system did not intentionally provide.
The system emits these activity by-products through physical mediums called side channels. The system emits these activity by-products through physical mediums called side channels.
@ -112,8 +112,8 @@ Identifying the occurrence and position of these patterns makes the data actiona
For example, a computer starting at night or rebooting multiple times in a row should raise an alert for a possible intrusion or malfunction. For example, a computer starting at night or rebooting multiple times in a row should raise an alert for a possible intrusion or malfunction.
Rule-based \gls{ids}s using side-channel information require an accurate and practical pattern detection solution. Rule-based \gls{ids}s using side-channel information require an accurate and practical pattern detection solution.
Many data-mining algorithms assume that training data is cheap, meaning that acquiring large --- labelled --- datasets is achievable without significant expense. Many data-mining algorithms assume that training data is cheap, meaning that acquiring large --- labeled --- datasets is achievable without significant expense.
Unfortunately, collecting labelled data requires following a procedure and induces downtime for the machine, which can be expensive. Unfortunately, collecting labeled data requires following a procedure and induces downtime for the machine, which can be expensive.
Collecting many training samples during normal operations of the machine is more time-consuming as the machine's activity cannot be controlled. Collecting many training samples during normal operations of the machine is more time-consuming as the machine's activity cannot be controlled.
A more convenient data requirement would be a single sample of each pattern to detect. A more convenient data requirement would be a single sample of each pattern to detect.
Collecting a sample is immediately possible after the installation of the measurement equipment during normal operations of the machine. Collecting a sample is immediately possible after the installation of the measurement equipment during normal operations of the machine.
@ -152,8 +152,8 @@ To apply security policies to side-channel information, it is necessary to first
The problem of identifying pre-defined patterns in unlabeled time series is referenced under various names in the literature. The problem of identifying pre-defined patterns in unlabeled time series is referenced under various names in the literature.
The terms \textit{activity segmentation} or \textit{activity detection} are the most relevant for the problem we are interested in. The terms \textit{activity segmentation} or \textit{activity detection} are the most relevant for the problem we are interested in.
The state-of-the-art methods in this domain focus on human activities and leverage various sensors such as smartphones \cite{wannenburg2016physical}, cameras \cite{bodor2003vision} or wearable sensors \cite{uddin2018activity}. The state-of-the-art methods in this domain focus on human activities and leverage various sensors such as smartphones \cite{wannenburg2016physical}, cameras \cite{bodor2003vision} or wearable sensors \cite{uddin2018activity}.
These methods rely on large labelled datasets to train classification models and detect activities \cite{micucci2017unimib}. These methods rely on large labeled datasets to train classification models and detect activities \cite{micucci2017unimib}.
For real-life applications, access to large labelled datasets may not be possible. For real-life applications, access to large labeled datasets may not be possible.
Another approach, more general than activity detection, uses \gls{cpd}. Another approach, more general than activity detection, uses \gls{cpd}.
\gls{cpd} is a sub-topic of time series analysis that focuses on detecting abrupt changes in a time series \cite{truong2020selective}. \gls{cpd} is a sub-topic of time series analysis that focuses on detecting abrupt changes in a time series \cite{truong2020selective}.
It is assumed in many cases that these change points are representative of state transitions from the observed system. It is assumed in many cases that these change points are representative of state transitions from the observed system.
@ -581,7 +581,7 @@ With both performances metrics combined, \gls{mad} outperforms the other methods
\section{Case Study 2: Attack Scenarios}\label{sec:cs2} \section{Case Study 2: Attack Scenarios}\label{sec:cs2}
The second case study focuses on a realistic production scenario. The second case study focuses on a realistic production scenario.
This case study aims to illustrate how \gls{mad} enables high abstraction level rules applications by converting the low-level power consumption signal into labelled and actionable states sequence. This case study aims to illustrate how \gls{mad} enables high abstraction level rules applications by converting the low-level power consumption signal into labeled and actionable states sequence.
\subsection{Overview} \subsection{Overview}
@ -600,7 +600,7 @@ The scenario comprises four phases:
\begin{figure} \begin{figure}
\centering \centering
\includegraphics[width=0.49\textwidth]{images/2w_experiment.pdf} \includegraphics[width=0.49\textwidth]{images/2w_experiment.pdf}
\caption{Overview of the scenario and rules for the second case study.} \caption{Overview of the scenario and rules for the second case study. The rules are defined in table \ref{tab:rules}.}
\label{fig:2w_experiment} \label{fig:2w_experiment}
\end{figure} \end{figure}