grizzly/deneir
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add reference to articles

Browse source
This commit is contained in:
Arthur Grisel-Davy 2023-09-29 08:12:37 -04:00
parent d24aa59706
commit 2ea0650c00
2 changed files with 24 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

20
PhD/research_proposal/bibliography.bib
View file

@ -1772,6 +1772,26 @@ series = {CCS '02}
publisher={Elsevier} publisher={Elsevier}
} }
@inproceedings{eet1_mlcs,
title={Side-channel Based Runtime Intrusion Detection for Network Equipment},
author={Arthur Grisel-Davy and Goksen U. Guler and Julian Dickert and Philippe Vibien and Waleed Khan and Jack Morgan and Carlos Moreno and Sebastian Fischmeister.},
booktitle={ECML-PKDD, Workshop on Machine Learning for Cyber Security},
year={2023},
}
@inproceedings{bpv_qrs,
title={Independent Boot Process Verification using Side-Channel Power Analysis},
author={Grisel-Davy, Arthur and Fischmeister, Sebastian},
booktitle={IEEE Intrenational Conference on Software Quality, Reliability, and Security (QRS)},
year={2023},
organization={IEEE}
}
@inproceedings{dsd_qrs,
title={MAD: One-Shot Machine Activity Detector for Physics-Based Cyber Security},
author={Grisel-Davy, Arthur and Fischmeister, Sebastian},
booktitle={IEEE Intrenational Conference on Software Quality, Reliability, and Security (QRS)},
year={2023},
organization={IEEE}
}
@inproceedings{grisel2022work, @inproceedings{grisel2022work,
title={Work-in-Progress: Boot Sequence Integrity Verification with Power Analysis}, title={Work-in-Progress: Boot Sequence Integrity Verification with Power Analysis},
author={Grisel-Davy, Arthur and Bhogayata, Amrita Milan and Pabbi, Srijan and Narayan, Apurva and Fischmeister, Sebastian}, author={Grisel-Davy, Arthur and Bhogayata, Amrita Milan and Pabbi, Srijan and Narayan, Apurva and Fischmeister, Sebastian},

5
PhD/research_proposal/pastwork.tex
View file

@ -22,7 +22,6 @@ For these reasons, network switches are prime candidates for side-channel securi
The installation of a side-channel monitoring system is often minimally invasive and can even be performed without downtime if the machine supports redundant power supplies. The installation of a side-channel monitoring system is often minimally invasive and can even be performed without downtime if the machine supports redundant power supplies.
The aim of the project was to leverage side-channel analysis to detect anomalous activities that can be related to attacks on a network switch. The aim of the project was to leverage side-channel analysis to detect anomalous activities that can be related to attacks on a network switch.
The goal is not to create a complete \gls{ids} suite from physics-based security but to offer a complementary detection mechanism for the cases where traditional \gls{ids} are failing. The goal is not to create a complete \gls{ids} suite from physics-based security but to offer a complementary detection mechanism for the cases where traditional \gls{ids} are failing.
\agd{ask sebastian about examples of traditional H|N-IDS}
\subsection{Attack Scenario} \subsection{Attack Scenario}
@ -106,6 +105,8 @@ All these methods yield good results for the detection of abnormal firmware.
\label{fig:eet1_firmware} \label{fig:eet1_firmware}
\end{figure} \end{figure}
This first exploration of the capabilities of physics-based \gls{ids} lead to the publication of an article \cite{eet1_mlcs} at the workshop on Machine Learning for Cyber Security at the ECML-PKDD conference.
\newpage \newpage
\section{xPSU}\label{sec:xpsu} \section{xPSU}\label{sec:xpsu}
The xPSU project continued the exploratory work started with the \gls{eet} project. The xPSU project continued the exploratory work started with the \gls{eet} project.
@ -192,6 +193,7 @@ We performed the second evaluation on a drone.
A drone is a prime machine for the \gls{bpv} as its low complexity allows for consistent boot traces. A drone is a prime machine for the \gls{bpv} as its low complexity allows for consistent boot traces.
We successfully detected different firmware versions by leveraging the information from the two previous experiments. We successfully detected different firmware versions by leveraging the information from the two previous experiments.
Along the evaluations, the \gls{bpv} capabilities have been modified to adapt to specific cases and enable anomalous training samples, multi-model evaluations, and autonomous learning. Along the evaluations, the \gls{bpv} capabilities have been modified to adapt to specific cases and enable anomalous training samples, multi-model evaluations, and autonomous learning.
This expansion of the work on \gls{bpv} lead to the plublication of a paper \cite{bpv_qrs} at the QRS Conference.
\begin{table}[ht] \begin{table}[ht]
\centering \centering
@ -375,6 +377,7 @@ The normalized state edit distance is defined as
with $Lev$ the Levenshtein distance. with $Lev$ the Levenshtein distance.
This metric is complementary to the accuracy and will be computed for every evaluation of the the state detection algorithms. This metric is complementary to the accuracy and will be computed for every evaluation of the the state detection algorithms.
This work on the detection of machine activity from power consumption information lead to the publication of an article \cite{dsd_qrs} at the QRS conference.
\newpage \newpage
\section{Conclusion on Past Work} \section{Conclusion on Past Work}
The project of physics-based security at a global level with complete independence from the protected machine is not trivial. The project of physics-based security at a global level with complete independence from the protected machine is not trivial.