grizzly/deneir
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

final version

Browse source
This commit is contained in:
Arthur Grisel-Davy 2023-08-06 21:13:22 -04:00
parent ed394f301a
commit edad3126ff
1 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
BPV/qrs/main.typ
View file

@ -617,7 +617,7 @@ This section elaborates on some important aspects of this study.
We use a hardware device referred to as the capture box @hidden placed in series with the primary power cable of the target device. We use a hardware device referred to as the capture box @hidden placed in series with the primary power cable of the target device.
The technology for measuring the current differs depending on the capture box's version. The technology for measuring the current differs depending on the capture box's version.
For test cases 0 and 3, the box's shunt resistor generates a voltage drop representative of the global power consumption of the machine. For test cases 0 and 3, the box's shunt resistor generates a voltage drop representative of the global power consumption of the machine.
For test case 1 and 2, a Hall effect sensor returns a voltage proportional to the current. For test cases 1 and 2, a Hall effect sensor returns a voltage proportional to the current.
For both versions, the voltage value is sampled at 10 KSPS. For both versions, the voltage value is sampled at 10 KSPS.
These samples are packaged in small fixed-size chunks and sent to a data aggregation server on a private #acr("VLAN"). These samples are packaged in small fixed-size chunks and sent to a data aggregation server on a private #acr("VLAN").
The data aggregation server is responsible for gathering data from all of our capture boxes and sending it via a #acr("VPN") tunnel to a storage server. The data aggregation server is responsible for gathering data from all of our capture boxes and sending it via a #acr("VPN") tunnel to a storage server.
@ -637,7 +637,7 @@ The final step of the detection is to store all the boot sequences under the sam
// The complete dataset corresponding to this experiment is available online @dataset. // The complete dataset corresponding to this experiment is available online @dataset.
== Support for Online Training<online> == Support for Online Training<online>
In order for the #acr("BPV") to integrate in a realistic environment, the training procedure takes the rareness of the boot-up event into account. In order to integrate the #acr("BPV") in a realistic environment, the training procedure takes the rareness of the boot-up event into account.
Once the measurement device is set up on the machine to protect, the streaming time series representing the power consumption serves as input for the boot-up detection algorithm (see @sds). Once the measurement device is set up on the machine to protect, the streaming time series representing the power consumption serves as input for the boot-up detection algorithm (see @sds).
Each boot-up event is extracted and added to a dataset of boot-up traces. Each boot-up event is extracted and added to a dataset of boot-up traces.
Once the dataset reaches the expected number of samples, the #acr("BPV") computes the threshold and is ready for validation of the next boot-up. Once the dataset reaches the expected number of samples, the #acr("BPV") computes the threshold and is ready for validation of the next boot-up.
@ -657,3 +657,4 @@ On a per-machine basis, anomaly generation can enhance the training set without
Finally, deploying this technology to production networking equipment requires minimal downtime and hardware intrusion, and it is applicable to clientless equipment. Finally, deploying this technology to production networking equipment requires minimal downtime and hardware intrusion, and it is applicable to clientless equipment.
This study illustrates the potential of independent, side-channel-based #acr("IDS") for the detection of low-level attacks that can compromise machines even before the operating system gets loaded. This study illustrates the potential of independent, side-channel-based #acr("IDS") for the detection of low-level attacks that can compromise machines even before the operating system gets loaded.