fix some caption size
This commit is contained in:
Arthur Grisel-Davy
parent
b40b43687d
commit
027f682177
1 changed files with 7 additions and 7 deletions
|
|
@ -75,7 +75,7 @@ Results of state detection with MAD enable the definition and verification of hi
|
|||
\section{Introduction}
|
||||
|
||||
\gls{ids}s leverage different types of data to detect intrusions.
|
||||
On one side, most solutions use labelled and actionable data, often provided by the system to protect.
|
||||
On one side, most solutions use labeled and actionable data, often provided by the system to protect.
|
||||
This data can be the resource usage \cite{1702202}, program source code \cite{9491765} or network traffic \cite{10.1145/2940343.2940348} leveraged by an \gls{hids} or \gls{nids}.
|
||||
On the other side, some methods consider only information that the system did not intentionally provide.
|
||||
The system emits these activity by-products through physical mediums called side channels.
|
||||
|
|
@ -112,8 +112,8 @@ Identifying the occurrence and position of these patterns makes the data actiona
|
|||
For example, a computer starting at night or rebooting multiple times in a row should raise an alert for a possible intrusion or malfunction.
|
||||
|
||||
Rule-based \gls{ids}s using side-channel information require an accurate and practical pattern detection solution.
|
||||
Many data-mining algorithms assume that training data is cheap, meaning that acquiring large --- labelled --- datasets is achievable without significant expense.
|
||||
Unfortunately, collecting labelled data requires following a procedure and induces downtime for the machine, which can be expensive.
|
||||
Many data-mining algorithms assume that training data is cheap, meaning that acquiring large --- labeled --- datasets is achievable without significant expense.
|
||||
Unfortunately, collecting labeled data requires following a procedure and induces downtime for the machine, which can be expensive.
|
||||
Collecting many training samples during normal operations of the machine is more time-consuming as the machine's activity cannot be controlled.
|
||||
A more convenient data requirement would be a single sample of each pattern to detect.
|
||||
Collecting a sample is immediately possible after the installation of the measurement equipment during normal operations of the machine.
|
||||
|
|
@ -152,8 +152,8 @@ To apply security policies to side-channel information, it is necessary to first
|
|||
The problem of identifying pre-defined patterns in unlabeled time series is referenced under various names in the literature.
|
||||
The terms \textit{activity segmentation} or \textit{activity detection} are the most relevant for the problem we are interested in.
|
||||
The state-of-the-art methods in this domain focus on human activities and leverage various sensors such as smartphones \cite{wannenburg2016physical}, cameras \cite{bodor2003vision} or wearable sensors \cite{uddin2018activity}.
|
||||
These methods rely on large labelled datasets to train classification models and detect activities \cite{micucci2017unimib}.
|
||||
For real-life applications, access to large labelled datasets may not be possible.
|
||||
These methods rely on large labeled datasets to train classification models and detect activities \cite{micucci2017unimib}.
|
||||
For real-life applications, access to large labeled datasets may not be possible.
|
||||
Another approach, more general than activity detection, uses \gls{cpd}.
|
||||
\gls{cpd} is a sub-topic of time series analysis that focuses on detecting abrupt changes in a time series \cite{truong2020selective}.
|
||||
It is assumed in many cases that these change points are representative of state transitions from the observed system.
|
||||
|
|
@ -581,7 +581,7 @@ With both performances metrics combined, \gls{mad} outperforms the other methods
|
|||
|
||||
\section{Case Study 2: Attack Scenarios}\label{sec:cs2}
|
||||
The second case study focuses on a realistic production scenario.
|
||||
This case study aims to illustrate how \gls{mad} enables high abstraction level rules applications by converting the low-level power consumption signal into labelled and actionable states sequence.
|
||||
This case study aims to illustrate how \gls{mad} enables high abstraction level rules applications by converting the low-level power consumption signal into labeled and actionable states sequence.
|
||||
|
||||
|
||||
\subsection{Overview}
|
||||
|
|
@ -600,7 +600,7 @@ The scenario comprises four phases:
|
|||
\begin{figure}
|
||||
\centering
|
||||
\includegraphics[width=0.49\textwidth]{images/2w_experiment.pdf}
|
||||
\caption{Overview of the scenario and rules for the second case study.}
|
||||
\caption{Overview of the scenario and rules for the second case study. The rules are defined in table \ref{tab:rules}.}
|
||||
\label{fig:2w_experiment}
|
||||
\end{figure}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue