diff --git a/DSD/qrs/main.tex b/DSD/qrs/main.tex index 68994c0..9d4145f 100644 --- a/DSD/qrs/main.tex +++ b/DSD/qrs/main.tex @@ -610,11 +610,14 @@ A power measurement device is placed in series with the main power cable of the The measurement devices captures the power consumption at 10 kilo-sampls per seconds. The pre-processing step downsamples the trace to 20 samples per seconds using a median filter. This step greatly reduces the measurement noise and the processing time, and increases the consistency of the results. -The final sampling rate of 20 samples per seconds was selected empirically to be about one order of magnitude highter than the typical length of the patterns to detect (around 5 seconds). +The final sampling rate of 20 samples per seconds was selected empirically to be around one order of magnitude highter than the typical length of the patterns to detect (around 5 seconds). For each comrpessed day of experiment (4 hours segment, thereafter refered as days), the \gls{mad} performs state detection and returns a label vector. This label vector associate a label to each sample of the power trace following the mapping: -1 is UNKNOWN, 0 is SLEEP, 1 is IDLE, 2 is HIGH and 3 is REBOOT. +The training dataset comprise one sample per state, captured during a the run of a benchmark script that interatively place the machine in each states to detect. +\agd{make dataset available} +\subsection{Security Rules} Many rules can be imagined to describe the expected and unwanted behavior of a machine. System administrators can define highly specific rules to detect specific attacks or to match the typicall acticities of their infrastructure. We selected 4 rules (see Table~\ref{tab:rules}) that are representative of common threats on companies or administrations's \gls{it} infrastructures. 
@@ -636,9 +639,12 @@ The rules are formaly defined using the \gls{stl} syntax which is bespoke for de \label{tab:rules} \end{table*} - - \subsection{Results} +The performance measure represent the ability of the whole pipeline (\gls{mad} and rule checking) to detect anomalous behavior. +The script on the machine generates logs that serves as ground truth to verify the results of rule checking. +The main metrics are the \agd{name of metric chosen} for each rule (micro-\agd{name}) and the global \agd{name} (macro-\agd{name}). +It is important to note that the attack frequency was intentionally increase compared to the expected attack frequency in the real world. + \section{Discussion}\label{sec:discussion} In this section we highlight specific aspects of the proposed solution. diff --git a/maerospace/installation_overview.typ b/maerospace/installation_overview.typ new file mode 100644 index 0000000..71db350 --- /dev/null +++ b/maerospace/installation_overview.typ 
@@ -0,0 +1,21 @@ +#import "@preview/acrostiche:0.2.0": * + +#init-acronyms(( + "EET": ("Electromechanical Emission Tripwire",), + "SBC": ("Single Board Computer",), + "PoE": ("Power over Ethernet",), + )) + + +#align(center)[#text(size:20pt)[EET Deployment Overview on Maerospace +Equipement]] + +This document describes the planned installation of #acr("EET") measurement systems on Maerospace equipement. +The goal of theis initial installation is to evaluate the potential of using power consumption measurement to protect Maerospace equipement. +The protection capabilities may not be limited to cyber-attacks and may also include malfunctions or unforeseen behavior. +The type of equipement is also not limited to processing servers and may include gateway computers. + += Measurement Equipement + +The measurement equipement (thereafter refered to as the #acr("EET") box or simply the box) comprises a Hall Effect sensor, a digitizer, and a #acr("SBC"). +The box is power through #acr("PoE") and thus uses the same Ethernet cable for power and communication.
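Review bot: In the main.tex hunk at @@ -610, the reworded sampling-rate sentence still compares a rate with a duration (20 samples per second against "the typical length of the patterns to detect (around 5 seconds)"), so the "one order of magnitude" justification cannot be checked as written. Suggest expressing both in one unit, for example the number of samples a 5-second pattern spans at 20 samples per second, and fixing "highter" while the line is being touched; the rewording also leaves "around" twice in the same sentence. In the added training-dataset line, "one sample per state" collides with "sample" meaning a single point of the power trace earlier in the paragraph, so a distinct term such as "one labelled segment per state" would read better, and "comprise", "a the run", "interatively place" and "each states" need correcting. The \agd{make dataset available} note should be resolved before merge, and the new \subsection{Security Rules} has no \label.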
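Review bot: In the main.tex hunk at @@ -636, the added metrics sentence attaches "micro-" to the per-rule score and "macro-" to the global score, which is not how those prefixes are normally used: micro- and macro-averaging are both global aggregates (pooled counts versus the unweighted mean of the per-rule scores). Suggest reporting a per-rule score plus one named aggregate, and replacing the three \agd{...} placeholders before merge. The last added sentence says the attack frequency was intentionally increased but not by how much; since the metric is still undecided, state the ratio used and whether the chosen metric depends on it. Grammar in the added lines: "measure represent", "logs that serves", "intentionally increase".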
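Review bot: In the new installation_overview.typ, the Measurement Equipement section says the box "uses the same Ethernet cable for power and communication" but not what the box communicates with or which network that cable connects to. For a deployment overview of a monitoring device, add a sentence on where the measurements are sent and on which network segment the box sits. "equipement" is misspelled throughout, including the title and the section heading, and "theis", "refered" and "is power through" need correcting. The title also uses plain "EET" ahead of the first #acr("EET"), so the first occurrence of the acronym in the document is unexpanded.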