From 7c4439e274d90cff5d1e34393e283f0f0df69662 Mon Sep 17 00:00:00 2001
From: Arthur Grisel-Davy
Date: Wed, 13 Dec 2023 14:40:23 -0500
Subject: [PATCH] explain log verification part
---
 .../presentation/presentation.typ | 35 +++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)
diff --git a/lv/initial_presentation/presentation/presentation.typ b/lv/initial_presentation/presentation/presentation.typ
index 72e6bfc..bdf1fbf 100644
--- a/lv/initial_presentation/presentation/presentation.typ
+++ b/lv/initial_presentation/presentation/presentation.typ
@@ -183,12 +183,14 @@ supplement: none,
 columns: (auto,auto),
 gutter: 3pt,
 [#image("images/xpsu_illustration.svg", height:90%)],
- [Points of measure:
+ [Points of Measure:
 - CPU
 - 3x Motherboard 3.3V, 5V and 12V
 - GPU
 - 3x Storage (MOLEX) 3.3V ,5V, and 12V
- - Fans?]
+ - Fans?
+ Not Points of Measure:
+- Motherboard-Powered Components]
 )
 ]
@@ -198,4 +200,33 @@ supplement: none,
 Log Verification
 ]
+#slide(title: "Problem Statement")[
+ #align(center)[
+ Given a journal of event $J$ and a multivariate time series $t_s$ covering the same time periodand machine, verify that no log was added or removed from the journal.
+ ]
+]
+#slide(title: "Approaches")[
+- Approach 1:
+ #list([Mine patterns from training journal], [apply DSD to each dimension], [Compare])
+ #pause
+- Approach 2:
+ #list([Extract patterns from training journal],[Train time-series classification model on multivariate data], [Classify power patterns for each event journal entry])
+]
+
+#slide(title: "Experiment Design / Data Collection")[
+- What OS to consider?
+ - What log journal to consider? Linux is easier to collect, windows is more realistic.
+ #pause
+- What activity to simulate?
+ - Program to fake activity -> Reproducible, Easy
+ - Real user -> Realistic, Expensive
+ #pause
+- What logs to verify?
+ - Previous work on merging similar logs into meta-events.
+ - Should consider all logs or limit to verifyable ones?
+ #pause
+- Whould dataset present real attacks?
+ - Real attacks faking logs are difficult to perform.
+ - Faking attack is easy (tamper with $J$) but less realistic.
+]