diff --git a/PhD/research_proposal/bibliography.bib b/PhD/research_proposal/bibliography.bib
index 3f43594..318c5f8 100644
--- a/PhD/research_proposal/bibliography.bib
+++ b/PhD/research_proposal/bibliography.bib
@@ -1772,6 +1772,26 @@ series = {CCS '02}
 publisher={Elsevier}
 }
+@inproceedings{eet1_mlcs,
+ title={Side-channel Based Runtime Intrusion Detection for Network Equipment},
+ author={Arthur Grisel-Davy and Goksen U. Guler and Julian Dickert and Philippe Vibien and Waleed Khan and Jack Morgan and Carlos Moreno and Sebastian Fischmeister.},
+ booktitle={ECML-PKDD, Workshop on Machine Learning for Cyber Security},
+ year={2023},
+}
+@inproceedings{bpv_qrs,
+ title={Independent Boot Process Verification using Side-Channel Power Analysis},
+ author={Grisel-Davy, Arthur and Fischmeister, Sebastian},
+ booktitle={IEEE Intrenational Conference on Software Quality, Reliability, and Security (QRS)},
+ year={2023},
+ organization={IEEE}
+}
+@inproceedings{dsd_qrs,
+ title={MAD: One-Shot Machine Activity Detector for Physics-Based Cyber Security},
+ author={Grisel-Davy, Arthur and Fischmeister, Sebastian},
+ booktitle={IEEE Intrenational Conference on Software Quality, Reliability, and Security (QRS)},
+ year={2023},
+ organization={IEEE}
+}
 @inproceedings{grisel2022work,
 title={Work-in-Progress: Boot Sequence Integrity Verification with Power Analysis},
 author={Grisel-Davy, Arthur and Bhogayata, Amrita Milan and Pabbi, Srijan and Narayan, Apurva and Fischmeister, Sebastian},
diff --git a/PhD/research_proposal/pastwork.tex b/PhD/research_proposal/pastwork.tex
index f2c2802..417fb9b 100644
--- a/PhD/research_proposal/pastwork.tex
+++ b/PhD/research_proposal/pastwork.tex
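Review bot: The `author` field of the added `eet1_mlcs` entry in bibliography.bib ends in `Sebastian Fischmeister.`, and BibTeX parses that trailing period as part of the surname, so it will show up in the rendered reference; drop it. That entry also lists names as `First Last` while `bpv_qrs` and `dsd_qrs` use `Last, First`; writing `Grisel-Davy, Arthur and ...` throughout keeps the name parsing unambiguous. Both QRS entries spell the venue `IEEE Intrenational Conference ...` where `International` is meant. Under a style that sentence-cases titles, `MAD` in `dsd_qrs` would likely be lowercased unless it is protected as `{MAD}`.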
@@ -22,7 +22,6 @@ For these reasons, network switches are prime candidates for side-channel securi
 The installation of a side-channel monitoring system is often minimally invasive and can even be performed without downtime if the machine supports redundant power supplies.
 The aim of the project was to leverage side-channel analysis to detect anomalous activities that can be related to attacks on a network switch.
 The goal is not to create a complete \gls{ids} suite from physics-based security but to offer a complementary detection mechanism for the cases where traditional \gls{ids} are failing.
-\agd{ask sebastian about examples of traditional H|N-IDS}
 \subsection{Attack Scenario}
@@ -106,6 +105,8 @@ All these methods yield good results for the detection of abnormal firmware.
 \label{fig:eet1_firmware}
 \end{figure}
+This first exploration of the capabilities of physics-based \gls{ids} lead to the publication of an article \cite{eet1_mlcs} at the workshop on Machine Learning for Cyber Security at the ECML-PKDD conference.
+
 \newpage
 \section{xPSU}\label{sec:xpsu}
 The xPSU project continued the exploratory work started with the \gls{eet} project.
@@ -192,6 +193,7 @@ We performed the second evaluation on a drone.
 A drone is a prime machine for the \gls{bpv} as its low complexity allows for consistent boot traces.
 We successfully detected different firmware versions by leveraging the information from the two previous experiments.
 Along the evaluations, the \gls{bpv} capabilities have been modified to adapt to specific cases and enable anomalous training samples, multi-model evaluations, and autonomous learning.
+This expansion of the work on \gls{bpv} lead to the plublication of a paper \cite{bpv_qrs} at the QRS Conference.
 \begin{table}[ht]
 \centering
@@ -375,6 +377,7 @@ The normalized state edit distance is defined as
 with $Lev$ the Levenshtein distance.
 This metric is complementary to the accuracy and will be computed for every evaluation of the the state detection algorithms.
+This work on the detection of machine activity from power consumption information lead to the publication of an article \cite{dsd_qrs} at the QRS conference.
 \newpage
 \section{Conclusion on Past Work}
 The project of physics-based security at a global level with complete independence from the protected machine is not trivial.