From 68f4aa4158e9082aa1fbc94636dc9d0e71074e8b Mon Sep 17 00:00:00 2001 From: Arthur Grisel-Davy Date: Fri, 14 Jul 2023 14:49:32 -0400 Subject: [PATCH 1/3] update --- DSD/qrs/main.tex | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/DSD/qrs/main.tex b/DSD/qrs/main.tex index 48a9849..f1067f9 100644 --- a/DSD/qrs/main.tex +++ b/DSD/qrs/main.tex 
@@ -609,11 +609,14 @@ A power measurement device is placed in series with the main power cable of the The measurement devices captures the power consumption at 10 kilo-sampls per seconds. The pre-processing step downsamples the trace to 20 samples per seconds using a median filter. This step greatly reduces the measurement noise and the processing time, and increases the consistency of the results. -The final sampling rate of 20 samples per seconds was selected empirically to be about one order of magnitude highter than the typical length of the patterns to detect (around 5 seconds). +The final sampling rate of 20 samples per seconds was selected empirically to be around one order of magnitude highter than the typical length of the patterns to detect (around 5 seconds). For each comrpessed day of experiment (4 hours segment, thereafter refered as days), the \gls{mad} performs state detection and returns a label vector. This label vector associate a label to each sample of the power trace following the mapping: -1 is UNKNOWN, 0 is SLEEP, 1 is IDLE, 2 is HIGH and 3 is REBOOT. +The training dataset comprise one sample per state, captured during a the run of a benchmark script that interatively place the machine in each states to detect. +\agd{make dataset available} +\subsection{Security Rules} Many rules can be imagined to describe the expected and unwanted behavior of a machine. System administrators can define highly specific rules to detect specific attacks or to match the typicall acticities of their infrastructure. We selected 4 rules (see Table~\ref{tab:rules}) that are representative of common threats on companies or administrations's \gls{it} infrastructures. 
@@ -635,9 +638,12 @@ The rules are formaly defined using the \gls{stl} syntax which is bespoke for de \label{tab:rules} \end{table*} - - \subsection{Results} +The performance measure represent the ability of the whole pipeline (\gls{mad} and rule checking) to detect anomalous behavior. +The script on the machine generates logs that serves as ground truth to verify the results of rule checking. +The main metrics are the \agd{name of metric chosen} for each rule (micro-\agd{name}) and the global \agd{name} (macro-\agd{name}). +It is important to note that the attack frequency was intentionally increase compared to the expected attack frequency in the real world. + \section{Discussion}\label{sec:discussion} In this section we highlight specific aspects of the proposed solution. From da21a766db0595fc22a5b496f82453a40fd19ade Mon Sep 17 00:00:00 2001 From: Arthur Grisel-Davy Date: Tue, 18 Jul 2023 13:07:28 -0400 Subject: [PATCH 2/3] start maerospace document --- maerospace/installation_overview.typ | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 maerospace/installation_overview.typ diff --git a/maerospace/installation_overview.typ b/maerospace/installation_overview.typ new file mode 100644 index 0000000..69f7b81 --- /dev/null +++ b/maerospace/installation_overview.typ @@ -0,0 +1,13 @@ +#import "@preview/acrostiche:0.2.0": * + +#init-acronyms(( + "EET": ("Electromechanical Emission Tripwire",), + )) + + +#align(center)[#text(size:20pt)[EET Deployment Overview on Maerospace +Equipement]] + +This document describes the planned installation of #acr("EET") measurement systems on Maerospace equipement. +The EET boxes are placed in series with the power cables of different equipements. +Each box measure the power consumption of one equipement and streams it to a server #text(red)[on premise or a remote server]. From 757101393fae68ad5790405a4ffa9ba7dc1dc266 Mon Sep 17 00:00:00 2001 
From: Arthur Grisel-Davy Date: Tue, 18 Jul 2023 13:15:22 -0400 Subject: [PATCH 3/3] plop --- maerospace/installation_overview.typ | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/maerospace/installation_overview.typ b/maerospace/installation_overview.typ index 69f7b81..71db350 100644 --- a/maerospace/installation_overview.typ +++ b/maerospace/installation_overview.typ @@ -2,6 +2,8 @@ #init-acronyms(( "EET": ("Electromechanical Emission Tripwire",), + "SBC": ("Single Board Computer",), + "PoE": ("Power over Ethernet",), )) @@ -9,5 +11,11 @@ Equipement]] This document describes the planned installation of #acr("EET") measurement systems on Maerospace equipement. -The EET boxes are placed in series with the power cables of different equipements. -Each box measure the power consumption of one equipement and streams it to a server #text(red)[on premise or a remote server]. +The goal of theis initial installation is to evaluate the potential of using power consumption measurement to protect Maerospace equipement. +The protection capabilities may not be limited to cyber-attacks and may also include malfunctions or unforeseen behavior. +The type of equipement is also not limited to processing servers and may include gateway computers. + += Measurement Equipement + +The measurement equipement (thereafter refered to as the #acr("EET") box or simply the box) comprises a Hall Effect sensor, a digitizer, and a #acr("SBC"). +The box is power through #acr("PoE") and thus uses the same Ethernet cable for power and communication.
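Review bot: In the hunk at @@ -609,11 +609,14 @@ of DSD/qrs/main.tex (PATCH 1/3), the reworded sentence still compares a sampling rate (20 samples per second) with a duration (patterns of around 5 seconds), so "one order of magnitude highter" has no defined meaning, and swapping "about" for "around" does not address that. State the relation in one unit, for example the number of samples a 5-second pattern spans after downsampling (100 at 20 samples per second), and fix "highter" while the line is being touched. The added training-dataset sentence needs a pass as well ("comprise", "during a the run", "interatively place", "each states"), and the \agd{make dataset available} marker should be resolved or tracked before submission.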
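Review bot: In the Results paragraph added by the hunk at @@ -635,9 +638,12 @@ of DSD/qrs/main.tex (PATCH 1/3), the metric is still an \agd{...} placeholder and the micro/macro labels do not match how those terms are normally used: a per-rule score is not a micro-average. Micro-averaging pools the counts over all rules before computing the score, while macro-averaging is the unweighted mean of the per-rule scores. Name the metric, then report the per-rule values plus whichever average is intended. Because the last added line says the attack frequency was intentionally increased, also state by how much, since prevalence-dependent metrics such as precision will not carry over to real-world attack rates. Grammar in the added lines: "measure represent", "logs that serves", "intentionally increase".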
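Review bot: In the new file maerospace/installation_overview.typ (PATCH 2/3, @@ -0,0 +1,13 @@), the last added line leaves the destination of the power traces undecided in red: `#text(red)[on premise or a remote server]`. For a deployment overview this is the point the reader most needs settled, because it determines whether the measurements leave the site; decide it, or mark it explicitly as an open question. "Equipement" in the title and body should be "Equipment" (and "different equipements" reads better as "different pieces of equipment"), and "Each box measure" should be "Each box measures".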
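Review bot: The hunk at @@ -9,5 +11,11 @@ of maerospace/installation_overview.typ (PATCH 3/3) removes the two sentences saying that the boxes sit in series with the power cables and stream their measurements to a server, and nothing in the added text replaces them. The new section says the box uses the same Ethernet cable "for power and communication" but not what it communicates with or where it is installed. Keep an installation sentence and a data-destination sentence, for example under the new "Measurement Equipement" heading. Typos in the added lines: "theis", "refered", "The box is power through" (should be "powered"), and "thereafter" should be "hereafter".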