add contribution

This commit is contained in:
Arthur 2024-11-25 10:46:08 +01:00
parent 42b1299512
commit 458d172716

@ -130,7 +130,7 @@ A \ac{cpu} are capable or hundreds to thousands of millions operations per secon
Each intruction triggers multiple consumptions patterns acrosses multiple components of the system.
Although --- in theory --- the power consumption is a sum of all these sub-consumptions, the reality of measurement --- in terms of resolution, accuracy, and sampling rate --- make single-instruction measurement unrealistic at a global scale of the \ac{cpu}.
Taking all these limitations into account, the power consumption of a machine --- and more specifically the global power consuption of its \ac{cpu} --- is a valuable complementary source of information.
Taking all these limitations into account, the power consumption of a machine --- and more specifically the global power consuimption of its \ac{cpu} --- is a valuable complementary source of information.
The correlation between a list of processes and the power consumption can enable the detection of process list tampering, evidence of malware activity.
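Review bot: the replacement for the "Taking all these limitations into account" line still misspells the word it was meant to fix: "consuption" becomes "consuimption" where "consumption" is intended. The surrounding unchanged lines carry further slips worth fixing in the same pass: "A \ac{cpu} are capable or hundreds" (should read "is capable of"), "intruction", and "consumptions patterns acrosses".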
@ -140,7 +140,11 @@ The correlation between a list of processes and the power consumption can enable
\subsection{Contribution}
This paper proposes a novel approach for detecting tampering on the process listing.
This paper proposes a novel approach for detecting tampering of process listing using power consumption traces.
After a period of learning on known-good data, a machine learning model can predict the expected power consumption of a the \ac{cpu} of a system from the list of processes at a point in time.
This expected consumption may diverge significantly from the real consumption and indicate an error in either source of information.
Assuming that the power consumption is immune to tampering due to its complete isolation from the monitored system, the source of the deviation can only result from an illegal modification of the process list.
The nature of the divergence can further inform about the nature of the tampering.
\section{Related Work}
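Review bot: the added sentence "the source of the deviation can only result from an illegal modification of the process list" overclaims relative to the sentence before it, which allows an error in either source of information. Even with the power trace assumed trustworthy, a deviation can also come from the prediction error of the learned model, so "can only" does not follow. Suggest conditioning the claim on the deviation exceeding the model's expected error, and stating the isolation of the power measurement as an explicit threat-model assumption rather than in passing. Minor points in the same hunk: "of a the \ac{cpu}" has a stray article, and "tampering of process listing" would read better as "tampering with the process listing".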