Grammarly timetable
parent
cf15a444a1
commit
0beeb7eef8
1 changed files with 30 additions and 46 deletions
|
|
@ -2,17 +2,11 @@
|
|||
The planned work is segmented into three main parts: finishing the \gls{dsd}, building the data acquisition system and building to algorithm for the single-source multi-measure system, and setting up an experiment for the multi-source single-measure system.
|
||||
Each of these three parts has its own specificities and challenges that call for careful planning.
|
||||
|
||||
\section{Spring 2023}
|
||||
The main focus for this term is the writing of the \gls{dsd} paper.
|
||||
The algorithm has now reached a satisfactory state with a good range of detection and useful precision.
|
||||
However, more experiments are required to evaluate the robustness and capabilities of the detector in a wider variety of situations.
|
||||
The goal for this paper is the submission to a major conference in the next term.
|
||||
|
||||
\section{Fall 2023}
|
||||
This term will have a dual goal.
|
||||
On one hand, finishing the \gls{dsd} paper and submitting it to a conference.
|
||||
On the other, start working on the single-source multi-measure capture system.
|
||||
The current capture system is composed of a PoE box that is placed in series with the machine to monitor.
|
||||
The current capture system is composed of a box placed in series with the machine to monitor.
|
||||
This system is reliable and serves its purpose perfectly, but it is not possible to fit in a more constrained space or able to measure multiple consumptions at once.
|
||||
The single-source multi-measure system aims for integration in the machine with minimal modification to allow for easy \textit{drop-in} installation.
|
||||
The goal could be a computer's \gls{psu} or an external box with multiple measurement systems.
|
||||
|
|
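Review bot: The rewritten capture-system sentence drops "PoE" from "a PoE box that is placed in series with the machine to monitor", which removes a technical detail about the box; if that is deliberate, describe the box some other way, otherwise keep the term. Two problems in the surrounding lines survive this pass: "building to algorithm" in the opening sentence should read "building the algorithm", and "it is not possible to fit in a more constrained space or able to measure multiple consumptions at once" is not parallel; "it cannot fit in a more constrained space or measure multiple consumptions at once" would read cleanly. The Fall 2023 pair "On one hand, finishing ..." / "On the other, start working ..." also mixes verb forms and leaves both sentences as fragments.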
@ -20,7 +14,7 @@ In any case, the design and prototyping of this new measurement system is an imp
|
|||
|
||||
\section{Winter 2024}
|
||||
Fall 2023 will be dedicated to designing and evaluating the single-source multi-measure system.
|
||||
The challenge of this work is to enable the processing of multi-variate time series to yield better results.
|
||||
This work's challenge is enabling the processing of multi-variate time series to yield better results.
|
||||
The system's performances will be put in perspective with the capabilities of the DSD (single-source single-measure).
|
||||
A series of experiments will also provide a complementary evaluation of the performances of these new techniques.
|
||||
The experiments will be collected in a paper with a publication aimed at the next term.
|
||||
|
|
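Review bot: The first sentence under `\section{Winter 2024}` still reads "Fall 2023 will be dedicated to designing and evaluating the single-source multi-measure system", which contradicts the heading it sits under; it should name the term this section actually covers. In the same hunk, "DSD (single-source single-measure)" is written out where the rest of the chapter uses `\gls{dsd}`, and "performances" appears twice where "performance" is meant.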
@ -32,70 +26,60 @@ For this third system, the capture system is already available.
|
|||
The workload is mainly centred on the design of the processing algorithm.
|
||||
|
||||
\section{Complementary Projects}
|
||||
Although it is difficult to plan work after one year, there are some complementary projects that I intend on exploring.
|
||||
Although it is difficult to plan work after one year, there are some complementary projects that are worth exploring.
|
||||
|
||||
\textbf{Cover Channel:}
|
||||
Some work in the litterature explored potential of power consumption as a covert channel.
|
||||
This application is complementary with the defense work I am focusing on in this thesis.
|
||||
As an attacker trying to exfiltrate information from a machine, understanding the method from generating meaningfull power consumption patterns is crucial.
|
||||
This work provide insights on how different applications generate specific consumption patterns.
|
||||
Some work in the literature explored the potential of power consumption as a covert channel.
|
||||
This application complements the defense work that this thesis focuses on.
|
||||
As an attacker trying to exfiltrate information from a machine, understanding the method of generating meaningful power consumption patterns is crucial.
|
||||
This work provides insights into how different applications generate specific consumption patterns.
|
||||
A 1b/s covert channel already successfully extracted a private ECDSA SSH key through AC/DC transformers with an MSSM setup.
|
||||
I intend on improving the capabilities of this covert channel as a complementary project for this thesis.
|
||||
The improved capabilities of this covert channel will serve as a complementary project for this thesis.
|
||||
|
||||
\textbf{Specific Activities Detection:}
|
||||
Some users activities carry so much potential threats that detecting them quickly is interesting.
|
||||
Some user's activities carry so many potential threats that detecting them more rapidly is interesting.
|
||||
For example, plugging in a USB device is an entry point for many attacks \cite{cannoles2017hacking, NISSIM2017675, su2017usb}.
|
||||
Fortunately, USB devices have a direct impact on the power consumption of a machine as they draw their power from the host.
|
||||
Detecting this specific event enable the collection of trusted logs usefull for forensics or log verification tasks.
|
||||
Detecting this specific event enables the collection of trusted logs useful for forensics or log verification tasks.
|
||||
The current work on this problem is exploring signal processing methods to build a reliable detector with the least false positive rate while still detecting all USB events.
|
||||
This problem is complementary to the more general pattern detection problem that this thesis explores as a reduction to practice that, once again, provide a better understanding of the variety of patterns present in a power consumption trace.
|
||||
This problem is complementary to the more general pattern detection problem that this thesis explores as a reduction to practice that, once again, provides a better understanding of the variety of patterns present in a power consumption trace.
|
||||
|
||||
|
||||
\section{Alternative Courses of Action}
|
||||
Many unforseen event can disturb a a research plan on multiple years.
|
||||
Although it is not possible to plan an alternative course of action for each case, here are some ways to continue this thesis under different conditions.
|
||||
Many unforeseen events can disturb a research plan spanning multiple years.
|
||||
Although it is impossible to plan an alternative course of action for each case, here are some ways to continue this thesis under different conditions.
|
||||
|
||||
\textbf{Pandemic or Global Lockdown Situation:}
|
||||
The recent years reminded us that a global lockdown can become a necessity in a matter of months.
|
||||
Without access to the university, the xork of this thesis remain possible.
|
||||
Thanks to the great work of all the people at Palitronica Inc. the capture system is deployable anywhere with an internet connection.
|
||||
Many experiment were already performed outside of the lab and it is even possible to store data on premise for complete offline work.
|
||||
I already experienced this situation in 2020 when the university closed and I continued the work at home with some lab equipement.
|
||||
The xPSU project was entirely developped off-campus.
|
||||
Without access to the university, the work of this thesis remains possible.
|
||||
Thanks to the great work of all the people at Palitronica Inc., the capture system is now a robust product deployable anywhere with an internet connection.
|
||||
Many experiments were already performed outside of the lab, and it is even possible to store data on-premise for complete offline work.
|
||||
I already experienced this situation in 2020 when the university closed, and I continued to work at home with some lab equipment.
|
||||
The xPSU project was entirely developed off-campus.
|
||||
|
||||
\textbf{Unconvincing Results:}
|
||||
The first results of the SSSM problem are encouraging for the eploration of MSSM and SSMM problems.
|
||||
However, some unforeseen discovery could force to reevaluate the potential of this technology.
|
||||
As presented before, there is plenty of alternative routes to explore for physics-based \gls{ids}.
|
||||
First, there is room for improving the performances of the SSSM detector.
|
||||
A better accuracy, a greater number of states, a lower training requirement or higher time-efficiency are all valuable improvements to pursue.
|
||||
The first results of the SSSM problem are encouraging for the exploration of MSSM and SSMM problems.
|
||||
However, some unforeseen discoveries could force us to reevaluate the potential of this technology.
|
||||
As presented before, there are plenty of alternative routes to explore for physics-based \gls{ids}.
|
||||
First, there is room for improving the performance of the SSSM detector.
|
||||
A better accuracy, a greater number of states, a lower training requirement or higher time efficiency, are all valuable improvements to pursue.
|
||||
Second, the range of machines that can benefit from this technology is wide.
|
||||
Experimentations with different machines for different use-cases can reveal unknown specific challenges.
|
||||
Finally, complementary projects such as the xPSU, the covert channel, or the specific activities detectors are all interesting projects that would undoubtebly reveal new problems to explore.
|
||||
Experimentations with different machines for different use cases can reveal unknown specific challenges.
|
||||
Finally, complementary projects such as the xPSU, the covert channel, or the specific activity detectors are all interesting projects that would undoubtedly reveal new problems to explore.
|
||||
|
||||
%There is no lack of interesting problems to study in the field of physics-based cyber-security.
|
||||
|
||||
\section{Publications}
|
||||
|
||||
From the current work, multiple articles have been submitted for publications.
|
||||
From the current work, multiple articles have been submitted for publication.
|
||||
|
||||
\begin{itemize}
|
||||
\item The initial results of the exploration of the \gls{eet} technology were compiled
|
||||
\item The initial results of the exploration of the \gls{eet} technology were compiled in a paper presented in the MLCS workshop of the ECML-PKDD conference \cite{eet1_mlcs}.
|
||||
|
||||
\item The resutls of the \gls{bpv} were detailed in a work-in-progress paper presented in EMSOFT 2021 \cite{grisel2022work}.
|
||||
The complete the findings of this first paper, more experiment were conducted on a wider variety of machines and exploring diverse optimisations techniques.
|
||||
A paper compiling these new findings is currently under review for QRS 2023.
|
||||
To complete the findings of this first paper, more experiments were conducted on a wider variety of machines and exploring diverse optimization techniques.
|
||||
A workshop paper compiling these new findings was accepted for QRS 2023 \cite{bpv_qrs}.
|
||||
|
||||
\item Also for submitted for QRS 2023, an article about \gls{dsd} is under review.
|
||||
\item Also accepter for QRS 2023, an article about \gls{dsd} details the capabilities of the method to detect cybersecurity policies violation \cite{dsd_qrs}.
|
||||
\end{itemize}
|
||||
|
||||
For futur work, multiple conferences are apropriate for publishing.
|
||||
|
||||
\begin{itemize}
|
||||
\item KDD is a major conference in the domain of knowledge discovery and information mining.
|
||||
The algorithmes developped for mining and identifying consumption patterns will make adequate submissions for this conferencee
|
||||
\item QRS is a software-oriented conference with an interest for intrusion detection and security.
|
||||
An evaluation of the intrusion detection capabilities of the different application of the physics-based IDS would make adequate submissions for this conference.
|
||||
\item WIFS is an anual workshop centered on Security and Forensics.
|
||||
Side projects like the power consumption covert channel or forensic capabilities of main work of this thesis would fit well in this workshop.
|
||||
\end{itemize}
|
||||
|
|
|
|||
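Review bot: The new Publications item introduces a typo, "Also accepter for QRS 2023", which should be "Also accepted for QRS 2023", and "cybersecurity policies violation" in the same line reads better as "cybersecurity policy violations". Further up, the heading `\textbf{Cover Channel:}` is left untouched although the paragraph is about a covert channel. The rewrite of "I intend on improving the capabilities of this covert channel" to "The improved capabilities of this covert channel will serve as a complementary project" changes the meaning from planned work to an existing result; something like "Improving the capabilities of this covert channel will serve as a complementary project" keeps the intent without the first person. Smaller points: "Some user's activities" should be "Some user activities", the comma before "are all valuable improvements" is stray, and the lockdown paragraph keeps "I already experienced this situation" while the other first-person sentences in this hunk were rephrased, so the voice is now inconsistent.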