resync with app version

2023-06-26 14:00:28 -04:00 · 2023-06-26 14:00:28 -04:00 · e2cc4ecfec
commit e2cc4ecfec
parent a7e6210f45
5 changed files with 3412 additions and 5236 deletions
--- a/BPV/qrs/images/Bootup_traces_TPLINK.svg
+++ b/BPV/qrs/images/Bootup_traces_TPLINK.svg
--- a/BPV/qrs/images/l3-training.svg
+++ b/BPV/qrs/images/l3-training.svg
--- a/BPV/qrs/main.typ
+++ b/BPV/qrs/main.typ
@ -133,8 +133,8 @@ The integrity verification can also be performed at run-time as part of the firm
 The above solutions to firmware attacks share the common flaw of being applied to the same machine they are installed on.
 This allows an attacker to bypass these countermeasures after infecting the machine.
 An attacker that could avoid triggering a verification, tamper with the verification mechanism, feed forged data to the verification mechanism, or falsify the verification report could render any defense useless.
-//This idea of necessary independence between target and the @IDS can be summarize with teh following statement.\ 
+// This idea of necessary independence between the target and the @IDS can be summarized in the following statement.\ 
-//#align(center,text(weight: "bold", [An @IDS is incoherent if its deployement requires the cooperation of the entity it pretends to protect.]))
+// #align(center,text(weight: "bold", [An @IDS is incoherent if its deployment requires the cooperation of the entity it pretends to protect.]))
@IDS are subjected to a trade-off between having access to relevant and meaningful information and keeping the detection mechanism separated from the target machine.
 Our solution addresses this trade-off by leveraging side-channel information.
@ -337,7 +337,7 @@ The second machine remained idle for the duration of the experiment.
 From these samples representing nominal bootups, it appears that the machine presents multiple bootup modes.
 Hence, the model is multi-modal with three modes.
 See @multi-modal for more details about how multi-modal models are defined.
-@l3-training illustrates the power traces associated with each mode as well as the distance distribution and the thresholds. 
+@l3-training illustrates the power traces associated with each mode.
 #figure(
  image("images/l3-training.svg", width:100%),
@ -429,14 +429,14 @@ For each evaluation, a random set of $10$ consecutive traces is selected from th
 The anomaly generator returns a training dataset composed of normal traces on one side and anomalous artificial traces on the other.
 The models train using this dataset and are evaluated against a balanced dataset combining $M in [20,50]$ consecutive anomalous traces selected at random across all abnormal classes and as many nominal traces.
 The testing set is balanced between nominal and abnormal traces.
-The training requires only a few nominal traces.
+//The training requires only a few nominal traces.
 This evaluation is repeated $50$ times, and the $F_1$ score is computed for each iteration.
 The final score is the average of these $F_1$ scores.
 The results are presented in @tab-results.
 #figure(
  tablex(
-    columns: 2,
+    columns: (40%,40%),
    auto-vlines: false,
    [*Machine*], [*BPV*],
    [TP-Link switch], [0.87],
@ -494,7 +494,8 @@ The experiment scenarios are:
 #figure(
  tablex(
    auto-vlines: false,
-    columns: (40%,20%,40%),
+    align: left,
    columns: (40%,auto,auto),
    [*Scenario*],[*Accuracy*], [*Nbr. of Samples*],
    [Original],[1],[98],
    [Compiled],[1],[49],
@ -573,22 +574,21 @@ The anomalies that the power trace exhibits are a combination of types of transf
 The anomaly generation function combines the domain knowledge observations and applies transformations to generate examples of anomalous traces from normal traces.
 The possible transformations are:
- Shifting the time domain. The direction of the shift can be forward (introducing a delay) or backward (removing a delay). The parameters of the shift are the amplitude and the start time. Both parameters are randomly selected for each new trace. The boundaries of these values do not include very large shifts as these would not contribute to the threshold placement for the models selected. The missing parts of the trace after shifting are recreated based on the average and standard deviation value of the previous 0.5s, assuming a Gaussian noise.
+- Shifting the time domain. The shift direction can be forward (introducing a delay) or backward (removing a delay). The parameters are the amplitude and the start time. Both parameters are random for each new trace. The boundaries of these values do not include very large shifts, as these would not contribute to the threshold placement. The missing parts of the trace after shifting are recreated based on the average and standard deviation value of the previous 0.5s, assuming a Gaussian noise.
- Shifting the $y$ axis. The direction of the shift can be upward (more energy consumed) or downward (less energy consumed). The amplitude is chosen between $4$ and $5$ times the standard deviation for each sample. These values ensure not creating an anomalous trace that conflicts with the normal traces and removing any shift too large that would not contribute to the threshold placement. The start time is chosen randomly in the trace.
+- Shifting the $y$ axis. The direction of the shift can be upward (more energy consumed) or downward (less energy consumed). The amplitude is chosen between $4$ and $5$ times the standard deviation for each sample. These values ensure not creating an anomalous trace that conflicts with the normal traces and removing any shift too large that would not contribute to the threshold placement. The start time is random.
 - Shifting both the $x$ and $y$ axis. Anomalous traces always presents a combination of $x$ shift, $y$ shift, or both.
@fig-overview presents an overview of the model's data flow.
 The resulting dataset does not exactly resemble the anomalous traces that are collected but presents traces with the same range of distances to normal traces (see  @fig-Synthetic_vs_Normal_TPLINK).
 To avoid introducing training biases, the dataset is balanced by generating new normal traces using the average and standard deviation if required.
 #figure(
  image("images/schematic.svg", width: 100%),
  caption: [Overview of the @BPV model training and evaluation.],  
 )<fig-overview>
 The resulting dataset does not exactly resemble the anomalous traces that are collected but presents traces with the same range of distances to normal traces (see  @fig-Synthetic_vs_Normal_TPLINK).
 To avoid introducing training biases, the dataset is balanced by generating new normal traces using the average and standard deviation if required.
 #figure(
  image("images/Synthetic_vs_Normal_TPLINK.svg", width: 100%),
--- a/BPV/qrs/template.typ
+++ b/BPV/qrs/template.typ
@ -42,7 +42,7 @@
  set document(title: title, author: authors.map(author => author.name))
  // Set the body font.
-  set text(font: "Times New Roman", size: 10pt)
+  set text(font: "STIX Two Text", size: 10pt)
  // Configure the page.
  set page(
@ -100,7 +100,7 @@
  // Display the paper's title.
  //v(3pt, weak: true)
  align(center, text(weight: "bold", size: 14pt, title))
-  v(10pt, weak: true)
+  v(20pt, weak: true)
  // Make author list
@ -187,3 +187,4 @@
    bibliography(bibliography-file, title: text(10pt)[References], style: "ieee")
  }
 }