grizzly/deneir
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

gramarly futurwork

Browse source
This commit is contained in:
Arthur Grisel-Davy 2023-10-02 09:39:02 -04:00
parent 548337df0d
commit cf15a444a1
2 changed files with 33 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

65
PhD/research_proposal/futurwork.tex
View file

@ -1,24 +1,24 @@
\chapter{Planned Work}\label{chap:futurwork}
All the work achieved in the preliminary work serves as the foundation for the planned work.
The thesis will focus on the state detection problem under various input data and detection requirements.
Detecting the state of a system constitute a stepping stone in the construction of specialized tools for physics-based security.
Detecting the state of a system constitutes a stepping stone in the construction of specialized tools for physics-based security.
As illustrated by the \gls{sds} and \gls{bpv}, the detection of specific attacks often relies on the ability to pre-process the time series to find sections of interest.
In this sense, solving the state detection problem enables a deeper investigation of power consumption by making the data actionable.
The different machines and data measurement designs lead to different problems to solve and different detection capabilities.
This chapter described the problems to study with their problem statement as well as the motivations and expected results.
The problems are discretized based on the input data and measured machines that constitute the power trace.
A single sensor only measure the power flowing through one cable.
It is possible to combine sensores to measure multiple related consumptions --- for example, the consumptions of different components in the same machine.
In this case, the problem is called \textit{multi-measure} and the resulting input data is multivariate trace.
It is also possible to place the sensor on a power cable that provide power to multiple machines.
In this case, the problem is called \textit{multi-sources} and the resulting input data is an aggregate of multiple traces.
The difference between machines and components is a fine and blury line as the description of a machine often fits individual components.
In this thesis, a component is a system that expects instructions from a central unit while a machine run its own software.
A single sensor only measures the power flowing through one cable.
It is possible to combine sensors to measure multiple related consumptions --- for example, the consumptions of different components in the same machine.
In this case, the problem is called \textit{multi-measure}, and the resulting input data is a multivariate trace.
It is also possible to place the sensor on a power cable that provides power to multiple machines.
In this case, the problem is called \textit{multi-sources}, and the resulting input data is an aggregate of multiple traces.
The difference between machines and components is a fine and blurry line, as the description of a machine often fits individual components.
In this thesis, a component is a system that expects instructions from a central unit while a machine runs its own software.
For example, at a macroscopic scale, a graphics card does not take the initiative on its own to run any software and expect instructions from the rest of the \gls{pc}.
Figure~\ref{fig:map} present an overview of the three main problems developped in this chapter.
Each problem present a variation in the input data, but they all share the same goal of activity detection.
Figure~\ref{fig:map} presents an overview of the three main problems developed in this chapter.
Each problem presents a variation in the input data, but they all share the same goal of activity detection.
\begin{figure}
\centering
@ -34,10 +34,10 @@ The global state are usualy \textit{OFF}, \textit{ON}, \textit{BOOT}, \textit{HI
Depending on the machine, other states like \textit{FIRMWARE FLASH}, \textit{SLEEP} or a specific activity mode can also be detected.
The experiments focus on the deployment to general-purpose computers, network switches, and \gls{wap}/routers.
In the next months, the goal for the \gls{dsd} is to evaluate the performances of the runtime state detection in broaders and more exhaustives conexts.
The current accuracy and edit distance performances (see Figure \ref{fig:dsd_acc}) illustrate the capabilities of the \gls{dsd} for the detection of well defined states --- i.e. states associated with a striking variation of average power consumption.
However, in order to provide a useful and reliable runtime labeling of the a machine's activity, the \gls{dsd} must achieve similar results with a more diverse selection of states.
The work on \gls{dsd} is the fundation for the planned development of more specific applications of the same principle of physics-based monitoring.
In the next months, the goal for the \gls{dsd} is to evaluate the performances of the runtime state detection in broader and more exhaustive contexts.
The current accuracy and edit distance performances (see Figure \ref{fig:dsd_acc}) illustrate the capabilities of the \gls{dsd} for the detection of well-defined states --- i.e. states associated with a striking variation of average power consumption.
However, in order to provide a useful and reliable runtime labelling of the machine's activity, the \gls{dsd} must achieve similar results with a more diverse selection of states.
The work on \gls{dsd} is the foundation for the planned development of more specific applications of the same principle of physics-based monitoring.
\begin{figure}
\centering
@ -49,8 +49,8 @@ The work on \gls{dsd} is the fundation for the planned development of more speci
\section{Single-Source, Multi-Measure}
The global power consumption of a machine does not fully describe its activity.
In an embedded system, the power consumption can be attributed to different components, each with its specific activity.
For the simplest systems performing one specific task, the activity of each component is often correlate with each other.
If the system is in a Mode \textit{A} then each component is in Mode \textit{A}, and the global power consumption will display the Mode \textit{A} pattern.
For the simplest systems performing one specific task, the activity of each component is often correlated with each other.
If the system is in a Mode \textit{A}, then each component is in Mode \textit{A}, and the global power consumption will display the Mode \textit{A} pattern.
For more complex systems, different components can be in different modes to accommodate the multi-tasking nature of the global activity.
In this case, if the first component is in Mode \textit{A} but the second is in Mode \textit{B}, this indicates a different global activity than if both are in the same mode.
For example, if the bootup sequence of a general-purpose computer shows a significant \gls{cpu} activity but no \gls{hdd} activity, it could indicate a failure to boot or an attacker booting the system from external storage.
@ -71,9 +71,9 @@ $ts$ is composed of $n$ dimensions with the $j^{th}$ dimension referred to as $t
Each sample $ts[i]$ is a vector or $n$ component representing the value of each dimension of $t$ at a point in time.
The items of the set $P$ are sets of patterns $P_j$ with $j\in[1,m]$.
Each set of patterns $P_j$ is associated with one component of a global pattern.
In other words, each component $P_{j,k}$ represent a the pattern $j$ along the $k^{th}$ dimension of $ts$.
In other words, each component $P_{j,k}$ represent a pattern $j$ along the $k^{th}$ dimension of $ts$.
Thus, the number of components of each pattern must be equal to the dimensions of $ts$.
Figure \ref{fig:notation} illustrate the $ts$ and $P$ objects.
Figure \ref{fig:notation} illustrates the $ts$ and $P$ objects.
\begin{figure}
\centering
@ -83,14 +83,12 @@ Figure \ref{fig:notation} illustrate the $ts$ and $P$ objects.
\end{figure}
\subsection{Applications}
The multi-measure setup present two potential benefits that will be investigated in this thesis.
First, correlated information could allows for a more robust detection mechanism.
The multi-measure setup presents two potential benefits that will be investigated in this thesis.
First, correlated information could enable a more robust detection mechanism.
If all components of a machine display behaviours associated with the same global activity, the detection confidence could improve compared with the global consumption only.
Second, multiple measures could enable a more granular activity detection.
With the power consumption measurement of multiple components available, every combination of component's activity can be associated with a different global activity.
These changes would allow for detecting potentially anomalous combinations of states and for a better understanding of the machine's behaviour.
\sfm{Because we address embedded stsrems, somewhere discuss the problem of actuators distorting the power trace (e.g., fans, motors, etc). You can link that to the MSSM problem.}
These changes would allow for detecting potentially anomalous combinations of states and better understanding the machine's behaviour.
The typical application of this technology would concern general-purpose computers or medium-complexity systems with multiple internal components.
These machines are typically difficult to profile with global consumption as each component influences the measure in a different way.
@ -103,7 +101,7 @@ If the Single-Source Multi-Measure was looking \textit{in} a machine to get more
In a context where measuring the consumption of individual machines is not possible, the problem of disambiguation arises.
Signal disambiguation is the ability to identify the source of each component signal from a single aggregated signal.
This is a difficult problem as the different sources can affect each other, sometimes in a non-linear way.
Figure \ref{fig:mssm_illustration} illustrate the aggregation of multiple consumption sources in a single measurement.
Figure \ref{fig:mssm_illustration} illustrates the aggregation of multiple consumption sources in a single measurement.
\begin{figure}
\centering
@ -129,11 +127,11 @@ The operator $\oplus$ is the aggregation function, generally the summation or ca
The MSSM problem can be expressed as a combination of $k$ SSSM problems with a different input time series.
Because the input is an aggregated time series, the patterns describing an activity may not appear similarly in the input.
These patterns may be distorded by the aggregation with another pattern from another source.
The main hurdle when developping a solution for the MSSM problem will be to correctly identify the distorded patterns when having access to all possible distortion sources (the other patterns).
The aggregation with another pattern from another source may distort these patterns.
The main hurdle when developing a solution for the MSSM problem will be correctly identifying the distorted patterns when accessing all possible distortion sources (the other patterns).
\subsection{Applications}
The successful design of a Multi-source Single-Measure monitoring system would finds its best application in an industrial setting.
The successful design of a Multi-source Single-Measure monitoring system would find its best application in an industrial setting.
Any industry that relies on many simple embedded systems to reliably perform a task can benefit from a monitoring system that is minimally disruptive to install.
For example, an assembly line can leverage hundreds of conveyor belt drivers, robotic arms, or quality assessment points.
Each type of system is simple in its design and task.
@ -145,14 +143,15 @@ The MSMM problem is a combination of the previous ones for which a clear applica
In an MSMM context, multiple capture systems would each measure an aggregate power consumption to form a multivariate time series.
Each dimension of this time series would incorporate the consumption of one or more individual components.
As long as the capture architecture (i.e., what machine is monitored by which capture system) is known, the analysis is a combination of the methods previously presented.
In the case where the capture architecture is unknown, the problem become out of scope for this thesis.
When the capture architecture is unknown, the problem becomes out of scope for this thesis.
\section{Conclusion}
The main problem is conceptually simple: identify machine activity from their power consumption to detect abnormal or forbidden activities.
The ability to interpret power consumption time series as higher-level events enables the definition of security-related rules.
The simplest form of this problem consist in measuring the global consumption of one simple devices as a univariate time-series (SSSM problem).
This problem lead to the developement of the \gls{dsd} which can already recognize some activity patterns from a machine.
However, the potential of this idea does no stop at the SSSM problem.
This problem's simplest form is measuring one single device's global consumption as a univariate time series (SSSM problem).
This problem leads to the development of the \gls{dsd}, which can already recognize some activity patterns from a machine.
However, the potential of this idea continues beyond the SSSM problem.
By capturing multiple consumptions from specific components from a machine (MSSM problem), the detection algorithm should support the detection of more granular activity.
Complementarily, measuring the aggregated consumption of multiple machines as a single time series offers powerfull applications.
Each of these problems require a different aproach and enable different applications.
Complementarily, measuring the aggregated consumption of multiple machines as a single time series offers powerful applications.
Each of these problems requires a different approach and enables different applications.