grizzly/deneir
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of ssh://git.palitronica.com:10112/agriseldavy/writing

Browse source
This commit is contained in:
Arthur Grisel-Davy 2023-07-18 13:40:51 -04:00
commit e700fe3b9c
2 changed files with 30 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

12
DSD/qrs/main.tex
View file

@ -610,11 +610,14 @@ A power measurement device is placed in series with the main power cable of the
The measurement devices captures the power consumption at 10 kilo-sampls per seconds.
The pre-processing step downsamples the trace to 20 samples per seconds using a median filter.
This step greatly reduces the measurement noise and the processing time, and increases the consistency of the results.
The final sampling rate of 20 samples per seconds was selected empirically to be about one order of magnitude highter than the typical length of the patterns to detect (around 5 seconds).
The final sampling rate of 20 samples per seconds was selected empirically to be around one order of magnitude highter than the typical length of the patterns to detect (around 5 seconds).
For each comrpessed day of experiment (4 hours segment, thereafter refered as days), the \gls{mad} performs state detection and returns a label vector.
This label vector associate a label to each sample of the power trace following the mapping: -1 is UNKNOWN, 0 is SLEEP, 1 is IDLE, 2 is HIGH and 3 is REBOOT.
The training dataset comprise one sample per state, captured during a the run of a benchmark script that interatively place the machine in each states to detect.
\agd{make dataset available}
\subsection{Security Rules}
Many rules can be imagined to describe the expected and unwanted behavior of a machine.
System administrators can define highly specific rules to detect specific attacks or to match the typicall acticities of their infrastructure.
We selected 4 rules (see Table~\ref{tab:rules}) that are representative of common threats on companies or administrations's \gls{it} infrastructures.
@ -636,9 +639,12 @@ The rules are formaly defined using the \gls{stl} syntax which is bespoke for de
\label{tab:rules}
\end{table*}
\subsection{Results}
The performance measure represent the ability of the whole pipeline (\gls{mad} and rule checking) to detect anomalous behavior.
The script on the machine generates logs that serves as ground truth to verify the results of rule checking.
The main metrics are the \agd{name of metric chosen} for each rule (micro-\agd{name}) and the global \agd{name} (macro-\agd{name}).
It is important to note that the attack frequency was intentionally increase compared to the expected attack frequency in the real world.
\section{Discussion}\label{sec:discussion}
In this section we highlight specific aspects of the proposed solution.

21
maerospace/installation_overview.typ Normal file
View file

@ -0,0 +1,21 @@
#import "@preview/acrostiche:0.2.0": *
#init-acronyms((
"EET": ("Electromechanical Emission Tripwire",),
"SBC": ("Single Board Computer",),
"PoE": ("Power over Ethernet",),
))
#align(center)[#text(size:20pt)[EET Deployment Overview on Maerospace
Equipement]]
This document describes the planned installation of #acr("EET") measurement systems on Maerospace equipement.
The goal of theis initial installation is to evaluate the potential of using power consumption measurement to protect Maerospace equipement.
The protection capabilities may not be limited to cyber-attacks and may also include malfunctions or unforeseen behavior.
The type of equipement is also not limited to processing servers and may include gateway computers.
= Measurement Equipement
The measurement equipement (thereafter refered to as the #acr("EET") box or simply the box) comprises a Hall Effect sensor, a digitizer, and a #acr("SBC").
The box is power through #acr("PoE") and thus uses the same Ethernet cable for power and communication.