add results for bpv

Arthur Grisel-Davy 2023-08-01 16:26:16 -04:00
parent fee0323ee1
commit 66397ac8d5
3 changed files with 52 additions and 15 deletions

View file

@ -176,24 +176,42 @@ The distance of each new trace to the reference average is computed and compared
If the distance is above the pre-computed threshold, the new trace is considered anomalous.
\subsection{Results}
We evaluated the \gls{bpv} on three occasions.
We evaluated the \gls{bpv} on two occasions.
First, we assembled a panel of relevant devices, including switches, \gls{wap} and \gls{pc}.
The evaluations revealed that the \gls{bpv} performed better on simpler devices like switches and \gls{wap} compared to general-purpose computers.
This is mainly due to the reduced variability and noise in the traces captured from simpler devices that produce a more robust model.
This first study leads to the publication of a work-in-progress paper in the EMSOFT 2022 conference \cite{grisel2022work} that describes the design and capabilities of the \gls{bpv} in its first version.
Then, we performed a case study with an industry partner on \gls{rtu}.
The \gls{rtu} was composed of one low-complexity embedded system and one main general-purpose computer.
The computer's activity overtook most of the other information in the trace and made it more difficult to detect subtle variations.
However, the \gls{bpv} could still detect intrusions in the computer from the global trace.
For example, a user modifying some settings through the \gls{bios} or booting into a different \gls{os} was detected.
This case study revealed that some systems could have multiple valid modes of the boot sequence.
This discovery enabled us to rethink the model of the \gls{bpv} to allow such variations.
We performed the final evaluation on a drone.
%Then, we performed a case study with an industry partner on \gls{rtu}.
%The \gls{rtu} was composed of one low-complexity embedded system and one main general-purpose computer.
%The computer's activity overtook most of the other information in the trace and made it more difficult to detect subtle variations.
%However, the \gls{bpv} could still detect intrusions in the computer from the global trace.
%For example, a user modifying some settings through the \gls{bios} or booting into a different \gls{os} was detected.
%This case study revealed that some systems could have multiple valid modes of the boot sequence.
%This discovery enabled us to rethink the model of the \gls{bpv} to allow such variations.
We performed the second evaluation on a drone.
A drone is a prime machine for the \gls{bpv} as its low complexity allows for consistent boot traces.
We successfully detected different firmware versions by leveraging the information from the two previous experiments.
Along the evaluations, the \gls{bpv} capabilities have been modified to adapt to specific cases and enable anomalous training samples, multi-model evaluations, and autonomous learning.
\agd{add results}
\begin{table}[ht]
\centering
\begin{tabular}{lccc}
\toprule
\textbf{Test Case} & \textbf{Experiment} & \textbf{F1 Score} \tabularnewline
\toprule
\multirow{4}*{Network Devices} & TP-Link switch & 0.87\tabularnewline
& HP switch & 0.98 \tabularnewline
& Asus Router & 1.00\tabularnewline
& Linksys Router & 0.92\tabularnewline
\midrule
\multirow{4}*{Drone} & Original & 1.00\tabularnewline
& Compiled & 1.00\tabularnewline
& Low Battery & 1.00\tabularnewline
& Bootloader Bug & 1.00\tabularnewline
\bottomrule
\end{tabular}
\label{tab:fw-results}
\end{table}
\newpage
\section{State Detection and Segmentation}
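Review bot: the \agd{add results} marker left on the line above the new table is now stale and should be dropped; the table also carries \label{tab:fw-results} without a \caption, so the label binds to the enclosing section counter and any \ref prints a section number, and the surrounding text never refers to the table at all. Two sentences now contradict the "three occasions" to "two occasions" edit: the drone paragraph still says "leveraging the information from the two previous experiments" although the RTU case study is commented out, and the closing sentence's "multi-model evaluations" traces back to the commented-out finding that a system can have multiple valid modes of the boot sequence. Smaller points: the tabular is declared lccc for a three-column table; the header row should be closed with \midrule rather than a second \toprule; the "Network Devices" rows report two switches and two routers while the prose above promises switches, \gls{wap} and \gls{pc} with no PC result given; the four drone rows each show an F1 of 1.00 and would benefit from stating how many traces each score is computed over; and "leads to the publication" should read "led to the publication".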

View file

@ -98,7 +98,6 @@
& AC SVM & & \numprint[\%]{99.5} \tabularnewline
\bottomrule
\end{tabular}
\label{tab:fw-results}
\end{table}
\footnote{Published in \textit{Side-channel Based Runtime Intrusion Detection for Network Equipment} at MLCS (Workshop of ECML-PKDD 2023)}
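Review bot: removing the label here is right, since this table has no \caption and the label would only have bound to the frame, but grep the deck for \ref{tab:fw-results} before merging; the same label name is now used in the first file of this commit for the BPV table, so it should not be copied back here.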
@ -110,9 +109,6 @@
\includegraphics[height=0.9\textheight]{images/xpsu_illustration.pdf}
\end{figure}
\end{frame}
\begin{frame}{ Preliminary Work - xPSU}
\end{frame}
\begin{frame}{Preliminary Work - SDS \& BPV}
\begin{figure}
@ -124,8 +120,29 @@
\begin{frame}{Preliminary Work - SDS \& BPV}
\begin{figure}
\centering
\includegraphics[width=0.8\textwidth]{images/training_bpv.pdf}
\includegraphics[width=0.9\textwidth]{images/training_bpv.pdf}
\end{figure}
\end{frame}
\begin{frame}{Preliminary Work - SDS \& BPV}
\begin{table}[ht]
\centering
\begin{tabular}{lccc}
\toprule
\textbf{Test Case} & \textbf{Experiment} & \textbf{F1 Score} \tabularnewline
\toprule
\multirow{4}*{Network Devices} & TP-Link switch & 0.87\tabularnewline
& HP switch & 0.98 \tabularnewline
& Asus Router & 1.00\tabularnewline
& Linksys Router & 0.92\tabularnewline
\midrule
\multirow{4}*{Drone} & Original & 1.00\tabularnewline
& Compiled & 1.00\tabularnewline
& Low Battery & 1.00\tabularnewline
& Bootloader Bug & 1.00\tabularnewline
\bottomrule
\end{tabular}
\end{table}
\footnote{Published in \textit{Work-in-Progress: Boot Sequence Integrity Verification with Power Analysis} at EMSOFT 2022\\
and in \textit{Independent Boot Process Verification using Side-Channel Power Analysis} at QRS 2023}
\end{frame}
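Review bot: this frame reuses the table verbatim from the chapter together with its defects: lccc declared for a three-column table and a second \toprule where \midrule belongs. \multirow needs the multirow package in this deck's own preamble; the commit adds multirow and booktabs only to the other preamble in the last hunk, and the deck evidently already loads booktabs since its existing table used \bottomrule before this change. The two-venue footnote with an embedded \\ should be checked for overflow under the table on the rendered slide.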

View file

@ -133,6 +133,8 @@
}{} % end of ifthenelse (no else)
\usepackage{cite}
\usepackage{multirow}
\usepackage{booktabs}
\usepackage[acronyms]{glossaries} % Exception to the rule of hyperref being the last add-on package
% If glossaries-extra is not in your LaTeX distribution, get it from CTAN (http://ctan.org/pkg/glossaries-extra),
% although it's supposed to be in both the TeX Live and MikTeX distributions. There are also documentation and