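// Polylux slide deck (Metropolis theme) for the seminar
// "Process-Power Consistency as Sanity Check".
// `//` lines inside slide bodies are speaking notes / outline items and
// are not rendered; bullet lists and `#uncover` blocks are.
#import "@preview/polylux:0.3.1": *
#import themes.metropolis: *

#show: metropolis-theme.with(
  footer: [CC BY-NC-SA]
)

// Global typography: light STIX Two Text body, the same face for equations,
// and a heavier `strong` delta so bold text stands out against the light body.
#set text(font: "STIX Two Text", weight: "light", size: 20pt)
#show math.equation: set text(font: "STIX Two Text")
#set strong(delta: 100)
#set par(justify: true)

#title-slide(
  author: [Arthur Grisel-Davy],
  title: "Seminar: Process-Power Consistency as Sanity Check",
  subtitle: "Subtitle", // TODO(review): placeholder subtitle, replace before presenting
  date: "September 2024",
  extra: ""
)

#slide(title: "State of the IDS")[
  // Most IDS rely on host-based information.
  // The process list is a very common default input to verify.
]

#slide(title: "State of the IDS")[
  // Process masquerading is trivially possible and is used by many
  // attacks (see the MITRE ATT&CK list).
]

#slide(title: "State of the IDS")[
  // Countermeasures to process masquerading.
  Listed by MITRE|ATT&CK:
  - Monitor OS API Calls (e.g. forks)
  - Monitor process creation source.

  Listed by Red Canary:
  - Heuristic on process properties (name, location, etc.)

  // Key point of the slide: every countermeasure above consumes data
  // supplied by the host itself, so a compromised host can feed all of them.
  #uncover(2)[#align(center)[#text(fill: red, weight: "bold")[All Host-Based Methods!]]]
]

#slide(title: "Process List Verification")[
  // We can't stop using the process list, so let's try to verify it.
  // Power as a trusted (out-of-band) source of information.
  #align(center)[#image("images/wein.svg", height: 100%)]
  // TODO: add the Wein image that shows where other solutions sit and that,
  // with the right analysis tools, the power side-channel is at the center.
]

#slide(title: "Power Side-Channel")[
  // Why is power trusted?
  // Why is it correlated with the process list?
  // Why is it the best / most practical side-channel?
]

#slide(title: "Experimental Setup")[
  // Setup of the experiment.
  // What data to gather:
  //   - Log data
  //   - Power data (comparison hardware / software)
  // Resulting dataset.
]

#slide(title: "Problem Statement")[
  // TODO: content
]

#slide(title: "Proposed Approach")[
  // Proposed approach.
]

#slide(title: "Evaluation")[
  // TODO: content
]

// Fixed typo in the rendered slide title ("Developements").
#slide(title: "Future Developments")[
  // TODO: content
]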