explain log verification part

lv/initial_presentation/presentation/presentation.typ

@@ -183,12 +183,14 @@ supplement: none,
         columns: (auto,auto),
         gutter: 3pt,
         [#image("images/xpsu_illustration.svg", height:90%)],
-        [Points of measure:
+        [Points of Measure:
         - CPU
         - 3x Motherboard 3.3V, 5V and 12V
         - GPU
         - 3x Storage (MOLEX) 3.3V ,5V, and 12V
-        - Fans?]
+        - Fans?
+    Not Points of Measure:
+- Motherboard-Powered Components]
     )
 ]
 
@@ -198,4 +200,33 @@ supplement: none,
     Log Verification
 ]
 
+#slide(title: "Problem Statement")[
+    #align(center)[
+        Given a journal of event $J$ and a multivariate time series $t_s$ covering the same time periodand machine, verify that no log was added or removed from the journal.
+        ]
+]
 
+#slide(title: "Approaches")[
+- Approach 1: 
+  #list([Mine patterns from training journal], [apply DSD to each dimension], [Compare])
+  #pause
+- Approach 2:
+  #list([Extract patterns from training journal],[Train time-series classification model on multivariate data], [Classify power patterns for each event journal entry])
+]
+
+#slide(title: "Experiment Design / Data Collection")[
+- What OS to consider?
+  - What log journal to consider? Linux is easier to collect, windows is more realistic.
+  #pause
+- What activity to simulate?
+  - Program to fake activity -> Reproducible, Easy
+  - Real user -> Realistic, Expensive
+  #pause
+- What logs to verify?
+  - Previous work on merging similar logs into meta-events.
+  - Should consider all logs or limit to verifyable ones?
+  #pause
+- Whould dataset present real attacks?
+  - Real attacks faking logs are difficult to perform.
+  - Faking attack is easy (tamper with $J$) but less realistic.
+]