diff --git a/BPV/qrs/glossary.typ b/BPV/qrs/glossary.typ index a42fe92..96e7135 100644 --- a/BPV/qrs/glossary.typ +++ b/BPV/qrs/glossary.typ @@ -120,4 +120,4 @@ } doc -} \ No newline at end of file +} diff --git a/BPV/qrs/images/Bootup_traces_TPLINK.svg b/BPV/qrs/images/Bootup_traces_TPLINK.svg index 813ed5a..db571d2 100644 --- a/BPV/qrs/images/Bootup_traces_TPLINK.svg +++ b/BPV/qrs/images/Bootup_traces_TPLINK.svg @@ -1,243 +1,672 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Time (s) + Sample + Firmware v2 + Normal diff --git a/BPV/qrs/images/l3-training.svg b/BPV/qrs/images/l3-training.svg index 6f5680a..e99f158 100644 --- a/BPV/qrs/images/l3-training.svg +++ b/BPV/qrs/images/l3-training.svg @@ -6,7 +6,7 @@ - 2023-06-23T13:07:34.691334 + 2023-06-26T13:44:43.469680 image/svg+xml @@ -30,10 +30,10 @@ z - 
@@ -41,306 +41,344 @@ z - - + - + - - + - + - + - - - - - + + + + - + - + - - - - - - + + + + + - + - - - - - - + + + + + + - + - + - - - - - - + + + + + - + - - - - - - + + + + + + - + - + - - - - - - + + + + + - + - - - - - - + + + + + + - + - + - - - - - - + + + + + - + - - + - - - - - + + + + + - + - - - - - + + + + + - + - - - - - + + + + + - + - + - - - - - + + + + - + - + - - - - - + + + + - + - - - - - + + + + + - + - + - + - + - - - - - - - - - + + - - - - + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + - - + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + - - - - - + + diff --git a/BPV/qrs/main.typ b/BPV/qrs/main.typ index 5f535c8..f9c77d8 100644 --- a/BPV/qrs/main.typ +++ b/BPV/qrs/main.typ 
@@ -133,8 +133,8 @@ The integrity verification can also be performed at run-time as part of the firm The above solutions to firmware attacks share the common flaw of being applied to the same machine they are installed on. This allows an attacker to bypass these countermeasures after infecting the machine. An attacker that could avoid triggering a verification, tamper with the verification mechanism, feed forged data to the verification mechanism, or falsify the verification report could render any defense useless. -//This idea of necessary independence between target and the @IDS can be summarize with teh following statement.\ -//#align(center,text(weight: "bold", [An @IDS is incoherent if its deployement requires the cooperation of the entity it pretends to protect.])) +// This idea of necessary independence between the target and the @IDS can be summarized in the following statement.\ +// #align(center,text(weight: "bold", [An @IDS is incoherent if its deployment requires the cooperation of the entity it pretends to protect.])) @IDS are subjected to a trade-off between having access to relevant and meaningful information and keeping the detection mechanism separated from the target machine. Our solution addresses this trade-off by leveraging side-channel information. @@ -337,7 +337,7 @@ The second machine remained idle for the duration of the experiment. From these samples representing nominal bootups, it appears that the machine presents multiple bootup modes. Hence, the model is multi-modal with three modes. See @multi-modal for more details about how multi-modal models are defined. -@l3-training illustrates the power traces associated with each mode as well as the distance distribution and the thresholds. +@l3-training illustrates the power traces associated with each mode. #figure( image("images/l3-training.svg", width:100%), 
@@ -429,14 +429,14 @@ For each evaluation, a random set of $10$ consecutive traces is selected from th The anomaly generator returns a training dataset composed of normal traces on one side and anomalous artificial traces on the other. The models train using this dataset and are evaluated against a balanced dataset combining $M in [20,50]$ consecutive anomalous traces selected at random across all abnormal classes and as many nominal traces. The testing set is balanced between nominal and abnormal traces. -The training requires only a few nominal traces. +//The training requires only a few nominal traces. This evaluation is repeated $50$ times, and the $F_1$ score is computed for each iteration. The final score is the average of these $F_1$ scores. The results are presented in @tab-results. #figure( tablex( - columns: 2, + columns: (40%,40%), auto-vlines: false, [*Machine*], [*BPV*], [TP-Link switch], [0.87], @@ -494,7 +494,8 @@ The experiment scenarios are: #figure( tablex( auto-vlines: false, - columns: (40%,20%,40%), + align: left, + columns: (40%,auto,auto), [*Scenario*],[*Accuracy*], [*Nbr. of Samples*], [Original],[1],[98], [Compiled],[1],[49], 
@@ -573,22 +574,21 @@ The anomalies that the power trace exhibits are a combination of types of transf The anomaly generation function combines the domain knowledge observations and applies transformations to generate examples of anomalous traces from normal traces. The possible transformations are: -- Shifting the time domain. The direction of the shift can be forward (introducing a delay) or backward (removing a delay). The parameters of the shift are the amplitude and the start time. Both parameters are randomly selected for each new trace. The boundaries of these values do not include very large shifts as these would not contribute to the threshold placement for the models selected. The missing parts of the trace after shifting are recreated based on the average and standard deviation value of the previous 0.5s, assuming a Gaussian noise. +- Shifting the time domain. The shift direction can be forward (introducing a delay) or backward (removing a delay). The parameters are the amplitude and the start time. Both parameters are random for each new trace. The boundaries of these values do not include very large shifts, as these would not contribute to the threshold placement. The missing parts of the trace after shifting are recreated based on the average and standard deviation value of the previous 0.5s, assuming a Gaussian noise. -- Shifting the $y$ axis. The direction of the shift can be upward (more energy consumed) or downward (less energy consumed). The amplitude is chosen between $4$ and $5$ times the standard deviation for each sample. These values ensure not creating an anomalous trace that conflicts with the normal traces and removing any shift too large that would not contribute to the threshold placement. The start time is chosen randomly in the trace. +- Shifting the $y$ axis. The direction of the shift can be upward (more energy consumed) or downward (less energy consumed). 
The amplitude is chosen between $4$ and $5$ times the standard deviation for each sample. These values ensure not creating an anomalous trace that conflicts with the normal traces and removing any shift too large that would not contribute to the threshold placement. The start time is random. - Shifting both the $x$ and $y$ axis. Anomalous traces always presents a combination of $x$ shift, $y$ shift, or both. @fig-overview presents an overview of the model's data flow. +The resulting dataset does not exactly resemble the anomalous traces that are collected but presents traces with the same range of distances to normal traces (see @fig-Synthetic_vs_Normal_TPLINK). +To avoid introducing training biases, the dataset is balanced by generating new normal traces using the average and standard deviation if required. #figure( image("images/schematic.svg", width: 100%), caption: [Overview of the @BPV model training and evaluation.], ) -The resulting dataset does not exactly resemble the anomalous traces that are collected but presents traces with the same range of distances to normal traces (see @fig-Synthetic_vs_Normal_TPLINK). -To avoid introducing training biases, the dataset is balanced by generating new normal traces using the average and standard deviation if required. - #figure( image("images/Synthetic_vs_Normal_TPLINK.svg", width: 100%), diff --git a/BPV/qrs/template.typ b/BPV/qrs/template.typ index ffc20b8..f5f600b 100644 --- a/BPV/qrs/template.typ +++ b/BPV/qrs/template.typ @@ -42,7 +42,7 @@ set document(title: title, author: authors.map(author => author.name)) // Set the body font. - set text(font: "Times New Roman", size: 10pt) + set text(font: "STIX Two Text", size: 10pt) // Configure the page. set page( @@ -100,7 +100,7 @@ // Display the paper's title. //v(3pt, weak: true) align(center, text(weight: "bold", size: 14pt, title)) - v(10pt, weak: true) + v(20pt, weak: true) // Make author list 
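Review bot: In the `@@ -573` hunk of main.typ, the reworded time-shift bullet still gives no numeric bounds or distribution for the shift amplitude and start time, whereas the y-axis bullet states its range ($4$ to $5$ standard deviations). Because the detection threshold is placed relative to these synthetic anomalies, `Both parameters are random for each new trace.` should name the sampling distribution and the interval used, so the generator and the reported scores can be reproduced. The same applies to the new `The start time is random.` in the y-axis bullet. The unchanged context line `Anomalous traces always presents a combination` should read `present`. The moved paragraph now sits between the sentence introducing `@fig-overview` and the figure itself, so consider placing it after the figure call or before that sentence.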
@@ -187,3 +187,4 @@ bibliography(bibliography-file, title: text(10pt)[References], style: "ieee") } } +