diff --git a/EET1/MLCS_conference/presentation.tex b/EET1/MLCS_conference/presentation.tex index c49d17e..a66b05b 100644 --- a/EET1/MLCS_conference/presentation.tex +++ b/EET1/MLCS_conference/presentation.tex @@ -111,12 +111,109 @@ \includegraphics[height=0.9\textheight]{images/Firmware_Comparison_TD_direct.pdf} \end{center} \end{frame} + +\begin{frame}{Experiment Family I - Firmware Manipulation} +Experiment 1: Classifying Firmware Version +\begin{table}[ht] + \centering + \begin{tabular}{lccc} + \toprule + \textbf{Data} & \textbf{Model} & \textbf{Macro F1 Score} & \textbf{Accuracy} \tabularnewline + \midrule + \multirow{2}*{DC Time Domain} & RFC & \numprint[\%]{100} & \numprint[\%]{100} \tabularnewline + & SVM & \numprint[\%]{96.8} & \numprint[\%]{99.3}\tabularnewline + \midrule + \multirow{2}*{AC Time Domain}& RFC & \numprint[\%]{87.4} & \numprint[\%]{98.9} \tabularnewline + & SVM & \numprint[\%]{75.8} & \numprint[\%]{95.5} \tabularnewline + \midrule + \multirow{2}*{DC Frequency Domain} & RFC & \numprint[\%]{97.6} & \numprint[\%]{99.8} \tabularnewline + & SVM & \numprint[\%]{95.3} & \numprint[\%]{96.0} \tabularnewline + \bottomrule + \end{tabular} + \caption{Comparison between the different algorithms for firmware classification.} + \label{tab:fw-results} +\end{table} +\end{frame} + +\begin{frame}{Experiment Family I - Firmware Manipulation} +Experiment 2: Detecting Firmware Change +\end{frame} + + \begin{frame}{Experiment Family II - Run-Time Monitoring} \begin{center} \includegraphics[height=0.9\textheight]{images/time_domain_ssh.pdf} \end{center} \end{frame} +\begin{frame}{Experiment Family II - Runtime Monitoring} +Experiment 1: Detecting SSH Login Attempts +\begin{table}[ht] + \begin{center} + + \begin{tabular}{ccccccc} + \toprule + \textbf{Model} & \textbf{Precision} & \textbf{Recall} & \textbf{F1 Score} & \textbf{Accuracy} & \textbf{FPR} & \textbf{FNR} \tabularnewline + \midrule + %& \multicolumn{5}{>{\hsize=\dimexpr5\hsize+5\tabcolsep+\arrayrulewidth\relax}Y}{\textbf{Time Domain}} & \tabularnewline + \midrule + RFC & \numprint[\%]{95} & \numprint[\%]{97} & \numprint[\%]{95} & \numprint[\%]{97} & \numprint[\%]{0.6} & \numprint[\%]{14} \tabularnewline + SVM & \numprint[\%]{95} & \numprint[\%]{97} & \numprint[\%]{96} & \numprint[\%]{98} & \numprint[\%]{0.8} & \numprint[\%]{8} \tabularnewline + 1D~CNN & \numprint[\%]{94} & \numprint[\%]{93} & \numprint[\%]{93} & \numprint[\%]{96} & \numprint[\%]{2} & \numprint[\%]{9} \tabularnewline + \midrule + %& \multicolumn{5}{>{\hsize=\dimexpr5\hsize+5\tabcolsep+\arrayrulewidth\relax}Y}{\textbf{Frequency Domain}} & \tabularnewline + \midrule + RFC & \numprint[\%]{89} & \numprint[\%]{67} & \numprint[\%]{72} & + \numprint[\%]{88} & + \numprint[\%]{12} & + \numprint[\%]{8} \tabularnewline + SVM & -- & -- & -- & -- & -- & -- \tabularnewline + 1D~CNN & + \numprint[\%]{90} & \numprint[\%]{90} & \numprint[\%]{90} & \numprint[\%]{94} & + \numprint[\%]{3} & + \numprint[\%]{17} \tabularnewline + \midrule + %& \multicolumn{5}{>{\hsize=\dimexpr5\hsize+5\tabcolsep+\arrayrulewidth\relax}Y}{\textbf{Time + Frequency Domain}} & \tabularnewline + \midrule + 1D~CNN & \numprint[\%]{89} & + \numprint[\%]{95} & + \numprint[\%]{92} & + \numprint[\%]{95} & + \numprint[\%]{1} & + \numprint[\%]{20} \tabularnewline + \bottomrule + \end{tabular} + + \end{center} + \caption{Comparison between the different algorithms for detecting SSH login attempts.} + \label{tab:ssh-precision-comparison} +\end{table} +\end{frame} + +\begin{frame}{Experiment Famili II - Runtime Monitoring} + Experiment 2: Classifying SSH Login Attemps + \begin{table}[ht] + \begin{center} + \begin{tabular}{ccccccc} + \toprule + \textbf{Model} & \textbf{Precision} & \textbf{Recall} & \textbf{F1 Score} & \textbf{Accuracy} & \textbf{FPR} & \textbf{FNR} \tabularnewline + \midrule + & \multicolumn{5}{>{\hsize=\dimexpr5\hsize+5\tabcolsep+\arrayrulewidth\relax}c}{\textbf{Time Domain}} & \tabularnewline + \midrule + RFC & \numprint[\%]{97} & \numprint[\%]{97} & \numprint[\%]{97} & \numprint[\%]{96.7} & \numprint[\%]{12} & \numprint[\%]{8} \tabularnewline + SVM & \numprint[\%]{99} & \numprint[\%]{99} & \numprint[\%]{99} & \numprint[\%]{98.5} & + \numprint[\%]{1} & + \numprint[\%]{1.5} \tabularnewline + 1D~CNN & \numprint[\%]{98.5} & + \numprint[\%]{98} & \numprint[\%]{98} & \numprint[\%]{98} & \numprint[\%]{1} & \numprint[\%]{2} \tabularnewline + \bottomrule + \end{tabular} + \end{center} + \caption{Comparison between the different algorithms for classifying SSH login attempts.} + \label{tab:ssh-classification-precision-comparison} +\end{table} +\end{frame} + \begin{frame}{Experiment Family III - Hardware Tampering} \begin{center} \includegraphics[height=\textheight]{images/switch.jpg} @@ -129,6 +226,27 @@ \end{center} \end{frame} +\begin{frame}{Experiment Family III - Hardware Tampering} + Experiment 1: Identifying the Number of Expansion Modules + \begin{table}[ht] + \begin{center} + \begin{tabular}{ccccc} + \toprule + \textbf{Input Data} & \textbf{Model} & \textbf{Accuracy} & \textbf{Recall}\tabularnewline + \midrule + DC & SVM & \numprint[\%]{100} & \numprint[\%]{100}\tabularnewline + DC & KNN & \numprint[\%]{100} & \numprint[\%]{100}\tabularnewline + DC & SVM & \numprint[\%]{99.5} & \numprint[\%]{99.45}\tabularnewline + \bottomrule + \end{tabular} + \end{center} + \caption{Comparison between the different models for hardware detection with a stratified 10-fold cross validation setup.} + \label{tab:hardware-results} +\end{table} +\end{frame} + +\begin{frame}{Conclusion} +\end{frame} \end{document}