Merge branch 'master' of ssh://git.palitronica.com:10112/agriseldavy/writing

Arthur Grisel-Davy 2023-07-18 13:40:51 -04:00
commit e700fe3b9c
2 changed files with 30 additions and 3 deletions


@ -610,11 +610,14 @@ A power measurement device is placed in series with the main power cable of the
The measurement devices captures the power consumption at 10 kilo-sampls per seconds. The measurement devices captures the power consumption at 10 kilo-sampls per seconds.
The pre-processing step downsamples the trace to 20 samples per seconds using a median filter. The pre-processing step downsamples the trace to 20 samples per seconds using a median filter.
This step greatly reduces the measurement noise and the processing time, and increases the consistency of the results. This step greatly reduces the measurement noise and the processing time, and increases the consistency of the results.
The final sampling rate of 20 samples per seconds was selected empirically to be about one order of magnitude highter than the typical length of the patterns to detect (around 5 seconds). The final sampling rate of 20 samples per seconds was selected empirically to be around one order of magnitude highter than the typical length of the patterns to detect (around 5 seconds).
For each comrpessed day of experiment (4 hours segment, thereafter refered as days), the \gls{mad} performs state detection and returns a label vector. For each comrpessed day of experiment (4 hours segment, thereafter refered as days), the \gls{mad} performs state detection and returns a label vector.
This label vector associate a label to each sample of the power trace following the mapping: -1 is UNKNOWN, 0 is SLEEP, 1 is IDLE, 2 is HIGH and 3 is REBOOT. This label vector associate a label to each sample of the power trace following the mapping: -1 is UNKNOWN, 0 is SLEEP, 1 is IDLE, 2 is HIGH and 3 is REBOOT.
The training dataset comprise one sample per state, captured during a the run of a benchmark script that interatively place the machine in each states to detect.
\agd{make dataset available}
\subsection{Security Rules}
Many rules can be imagined to describe the expected and unwanted behavior of a machine. Many rules can be imagined to describe the expected and unwanted behavior of a machine.
System administrators can define highly specific rules to detect specific attacks or to match the typicall acticities of their infrastructure. System administrators can define highly specific rules to detect specific attacks or to match the typicall acticities of their infrastructure.
We selected 4 rules (see Table~\ref{tab:rules}) that are representative of common threats on companies or administrations's \gls{it} infrastructures. We selected 4 rules (see Table~\ref{tab:rules}) that are representative of common threats on companies or administrations's \gls{it} infrastructures.
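Review bot: In the added sentence "The training dataset comprise one sample per state", the word "sample" collides with its use in the same paragraph for individual points of the power trace (10 kilo-samples per second, 20 samples per second), so a reader can take it to mean a single data point per state. Suggest naming the unit explicitly, for example one labelled trace segment per state, and giving its duration. The same sentence needs proofreading ("comprise", "during a the run", "interatively", "each states"), and the `\agd{make dataset available}` reminder should be resolved before submission. The reworded sentence above it still compares a sampling rate (20 samples per second) with a pattern length (around 5 seconds) and keeps "highter"; swapping "about" for "around" addresses neither.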
@ -636,9 +639,12 @@ The rules are formaly defined using the \gls{stl} syntax which is bespoke for de
\label{tab:rules} \label{tab:rules}
\end{table*} \end{table*}
\subsection{Results} \subsection{Results}
The performance measure represent the ability of the whole pipeline (\gls{mad} and rule checking) to detect anomalous behavior.
The script on the machine generates logs that serves as ground truth to verify the results of rule checking.
The main metrics are the \agd{name of metric chosen} for each rule (micro-\agd{name}) and the global \agd{name} (macro-\agd{name}).
It is important to note that the attack frequency was intentionally increase compared to the expected attack frequency in the real world.
\section{Discussion}\label{sec:discussion} \section{Discussion}\label{sec:discussion}
In this section we highlight specific aspects of the proposed solution. In this section we highlight specific aspects of the proposed solution.
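Review bot: In the added Results text, "for each rule (micro-...)" and "the global ... (macro-...)" use the averaging prefixes in a non-standard way: a per-rule score is normally reported simply as the per-class value, macro-averaging is the unweighted mean of those per-rule scores, and micro-averaging pools the decisions of all rules before computing the metric. Decide which aggregate is meant and label it accordingly when the `\agd{name of metric chosen}` placeholders are filled in. The last added sentence says the attack frequency was intentionally increased but not how that affects the reported numbers; if the chosen metric depends on the attack base rate (precision does), say that the results do not transfer directly to real-world frequencies. Grammar to fix in the same lines: "measure represent", "logs that serves", "intentionally increase".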


@ -0,0 +1,21 @@
#import "@preview/acrostiche:0.2.0": *
#init-acronyms((
"EET": ("Electromechanical Emission Tripwire",),
"SBC": ("Single Board Computer",),
"PoE": ("Power over Ethernet",),
))
#align(center)[#text(size:20pt)[EET Deployment Overview on Maerospace
Equipement]]
This document describes the planned installation of #acr("EET") measurement systems on Maerospace equipement.
The goal of theis initial installation is to evaluate the potential of using power consumption measurement to protect Maerospace equipement.
The protection capabilities may not be limited to cyber-attacks and may also include malfunctions or unforeseen behavior.
The type of equipement is also not limited to processing servers and may include gateway computers.
= Measurement Equipement
The measurement equipement (thereafter refered to as the #acr("EET") box or simply the box) comprises a Hall Effect sensor, a digitizer, and a #acr("SBC").
The box is power through #acr("PoE") and thus uses the same Ethernet cable for power and communication.
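Review bot: The last line shown says the box "uses the same Ethernet cable for power and communication", but the lines shown do not say which network the box joins, what it sends over that link, or what receives it. For a monitoring device installed next to the equipment it is meant to protect, the overview should state whether the measurement network is separated from the monitored equipment's network and how the measurement data is protected in transit. Spelling also needs a pass: "Equipement"/"equipement" appears throughout, including the title, along with "theis", "refered" and "is power through".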