start presentation log verification

2023-12-12 11:04:19 -05:00 · 2023-12-12 11:04:19 -05:00 · 717037ffb7
commit 717037ffb7
parent 7f6dffdecc
37 changed files with 68455 additions and 0 deletions
--- a/lv/initial_presentation/presentation/presentation.typ
+++ b/lv/initial_presentation/presentation/presentation.typ
@ -0,0 +1,179 @@
+#import "@preview/polylux:0.3.1": *
+#import themes.metropolis: *
+#import "@preview/tablex:0.0.5": tablex, hlinex, vlinex, colspanx, rowspanx
+
+#show: metropolis-theme.with(
+  footer: [CC BY-SA 4.0 Arthur Grisel-Davy]
+)
+
+#set text(font: "Fira Sans", weight: "light", size: 20pt)
+#show math.equation: set text(font: "Fira Math")
+#set strong(delta: 100)
+#set par(justify: true)
+
+#title-slide(
+  author: [Arthur Grisel-Davy, Sebastian Fischmeister],
+  title: text(size: 30pt, weight: 500)[MAD: One-Shot Machine Activity Detector for Physics-Based Cyber Security],
+  subtitle: "",
+  date: "University of Waterloo",
+  extra: "agriseld@uwaterloo.ca"
+)
+
+//#slide(title: "Table of contents")[
+//  #metropolis-outline
+//]
+
+#slide(title: "Introduction")[
+    #only(1)[#figure(image("images/wein_p1.svg", height: 100%))]
+    #only(2)[#figure(image("images/wein_p2.svg", height: 100%))]
+    #only(3)[#figure(image("images/wein_p3.svg", height: 100%))]
+    #only(4)[#figure(image("images/wein_p4.svg", height: 100%))]
+    #only(5)[#figure(image("images/wein_p5.svg", height: 100%))]
+]
+
+
+#slide(title: "Problem Statement")[
+#align(center)[Given a #text(fill: blue, weight:400 )[discretized time series $t$] and a #text(fill: red, weight:400)[set of patterns $P=\{P_1, dots.h, P_n\}$], identify a mapping $m: NN arrow.r P union lambda$ such that every sample $t[i]$ maps to a pattern in $P union lambda$ with the condition that the sample #text(fill: purple, weight: 400)[matches] an occurrence of the pattern in $t$.]
+]
+
+//#slide(title: "Proposed Approach")[
+//    #only(1)[#figure(image("images/aproach_p1.svg", width: 100%))]
+//    #only(2)[#figure(image("images/aproach_p2.svg", width: 100%))]
+//    #only(3)[#figure(image("images/aproach_p3.svg", width: 100%))]
+//    #only(4)[#figure(image("images/aproach_p4.svg", width: 100%))]
+//    #only(5)[#figure(image("images/aproach_p5.svg", width: 100%))]
+//    #only(6)[#figure(image("images/aproach_p6.svg", width: 100%))]
+//    #only(7)[#figure(image("images/aproach_p7.svg", width: 100%))]
+//    #only(8)[#figure(image("images/aproach_p8.svg", width: 100%))]
+//    #only(9)[#figure(image("images/aproach_p9.svg", width: 100%))]
+//]
+
+
+#slide(title: "Proposed Approcah")[
+#align(center)[
+#text(weight: "bold")[Metric:] The distance between a sample and a pattern is the minimum normalized distance between the pattern and any pattern-length substring that includes the samples.
+#v(1cm)
+#text(weight: "bold")[Decision:] Each sample receives the label of the closest training pattern.
+]
+]
+
+//#slide(title: "2D Interpretation")[
+//    
+//    #only(1)[#figure(image("images/2d_p1.svg", width: 100%))]
+//    #only(2)[#figure(image("images/2d_p2.svg", width: 100%))]
+//    #only(3)[#figure(image("images/2d_p3.svg", width: 100%))]
+//    #only(4)[#figure(image("images/2d_p4.svg", width: 100%))]
+//    #only(5)[#figure(image("images/2d_p5.svg", width: 100%))]
+//]
+
+#slide(title: "Question")[
+#align(center)[Should the algorithm #text(weight: "bold")[always] choose a label?]
+]
+
+#slide(title: "2D Interpretation")[
+    
+    #figure(image("images/2d_p6.svg", width: 100%))
+]
+
+#slide(title: "Parameter "+sym.alpha)[
+    #figure(
+        image("images/areas.svg", width: 100%)
+    )
+#align(center)[With $alpha lt.triple 2$, the algorithm acquire novelty-detection capability.]
+]
+
+#slide(title: "Performance Metric")[
+#figure(
+        image("images/metric.svg", width: 100%)
+    )
+]
+
+
+#slide(title: "Case Study 1")[
+
+#align(center)[
+#figure(
+tablex(
+    columns: (auto, auto, auto),
+    auto-vlines: false,
+    repeat-header: false,
+    align: (left+horizon,right+horizon,right+horizon),
+    [#text(weight:"bold")[Dataset]], [#text(weight: "bold")[Length]], [#text(weight: "bold")[Number of Occurences]],
+    [NUCPC-0], [22700], [11],
+    [NUCPC-1], [7307], [8],
+    [Generated], [15540], [18],
+    [WAP-ASUS], [26880], [18],
+    [WAP-LINKSYS], [22604], [18],
+    [REFIT-H4A4], [5366], [17],
+    [REFIT-H4A1], [100000], [142]
+),
+caption: "Results of the case study 1",
+supplement: none,
+)
+]
+
+]
+#slide(title: "Case Study 1 - Results")[
+#figure(
+        image("images/dsd_acc.svg", height: 100%)
+    )
+]
+
+
+#slide(title: "Case Study 2")[
+#image("images/rules_pipeline.svg", width:100%)
+]
+
+#slide(title: "Case Study 2")[
+#align(center)[
+#image("images/2w_experiment.svg", width: 90%)
+
+#tablex(
+    columns: (auto, auto, auto),
+    auto-vlines: false,
+    repeat-header: false,
+    align: (left+horizon,right+horizon,right+horizon),
+    [#text(weight:"bold")[Rule ID]], [#text(weight: "bold")[Rule]], [#text(weight: "bold")[Threat]],
+    [1], ["SLEEP" state only], [Machine takeover, Botnet, Rogue employee],
+    [2], [No "SLEEP" for more than 8m], [System malfunction],
+    [3], [One "REBOOT"], [APT, Backdoors],
+    [4], [No "HIGH" for more than 30s], [Crypto mining, Ransomware, Botnet],
+)
+]
+]
+
+
+#slide(title: "Case Study 2")[
+#figure(
+        image("images/preds.svg", height: 100%)
+    )
+]
+
+#slide(title: "Case Study 2 - Results")[
+#align(center)[
+#figure(
+tablex(
+    columns: (auto, auto, auto),
+    auto-vlines: false,
+    repeat-header: false,
+    align: (left+horizon,right+horizon,right+horizon),
+    [#text(weight:"bold")[Rule]], [#text(weight: "bold")[Violation Ratio]], [#text(weight: "bold")[Micro-$F_1$]],
+    [Night Sleep], [0.33], [1.0],
+    [Work Hours], [0.3], [1.0],
+    [Reboot], [0.48], [1.0],
+    [No Long High], [0.75], [1.0],
+),
+caption: "Results of the case study 2",
+supplement: none,
+)
+]
+]
+
+#slide(title: "Future Work")[
+- Automatic Training (Patterns Extraction) #pause
+- Multivariate Support
+]
+
+#focus-slide()[
+    Log Verification
+]