grizzly/deneir
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
deneir/PhD/research_proposal/futurwork.tex
Arthur Grisel-Davy 40342b226e add research proposal
2023-06-12 13:11:37 -04:00

101 lines
8.6 KiB
TeX
Raw Blame History

\chapter{Planned Work}\label{chap:futurwork}
All the work achieved in the preliminary work serves as the foundation for the planned work.
The thesis will focus on the state detection problem.
Detecting the state of a system is a stepping stone in the construction of specialized tools.
As illustrated by the \gls{sds} and \gls{bpv}, the detection of specific attacks often relies on the ability to pre-process the time series to find sections of interest.
In this sense, solving the state detection problem enables a deeper investigation of power consumption by making the data actionable.
The different machines and data measurement design lead to different problems to solve and different detection capabilities.
This chapter described the planned research topics with their problem statement and a description of the motivation and expected results.
\section{Single-Source, Single-Measure}
The \gls{dsd} shows promising results in an experimental setup.
To this date, the experiments have focused on the detection of simple global states.
The global state are usualy \textit{OFF}, \textit{ON}, \textit{BOOT}, \textit{HIGH LOAD}.
Depending on the machine, other states like \textit{FIRMWARE FLASH}, \textit{SLEEP} or a specific activity mode can also be detected.
The experiments focus on the deployment of general-purpose computers, network switches, and \gls{wap}/routers.
In the next months, the goal for the \gls{dsd} is to evaluate the performances of the runtime state detection.
The current accuracy and edit distance performances (see Figure \ref{fig:dsd_acc}) show promissing results for the detection of well defined states (i.e. states associated with a striking variation of average power consumption).
However, in order for the \gls{dsd} to provide useful and reliable runtime labeling of the a machine's activity, a more diverse selection of states must be evaluated for typical machines like general purpose computers.
These results will be compiled for the publication of an article.
The work on \gls{dsd} is the base for the planned development of more specific applications of the same principle of physics-based monitoring.
\begin{figure}
\centering
\includegraphics[width=\textwidth]{images/dsd_acc}
\caption{Current results of the DSD algorithm on several datasets..}
\label{fig:dsd_acc}
\end{figure}
\section{Single-Source, Multi-Measure}
The global power consumption of a machine does not necessarily tell the full story about its activity.
In an embedded system, the power consumption can be assigned to different components, each with its specific activity.
For the simplest systems performing one specific task \agd{give examples}, the activity of each component is often consistently correlated/agd{weird sentence}.
If the system is in a mode \textit{A} then each component is in mode \textit{A}, and the global power consumption will display the \textit{mode A} pattern.
For more complex systems, different components can be in different modes to accommodate the multi-tasking nature of the global activity.
In this case, if the first component is in mode \textit{A} but the second is in mode \textit{B}, this indicates a different global activity than if both are in the same mode.
For example, if the bootup sequence of a general-purpose computer shows a high \gls{cpu} activity but a low storage activity, it could indicate a failure to boot or an attacker booting the system from external storage.
Access to each component's individual power consumption opens the way to a more granular understanding of the machine's activity.
However, the new nature of the captured data requires an evolution of the techniques developed before.
\subsection{Problem Statement}
Differentiating between the different components to better understand the activity of a machine is a valuable capability associated with a new problem.
\begin{problem-statement}[Single-Source Multi-Measure]
Given a discretized time series $t$ and a set of $n$ components for each of $m$ patterns $P=\{\{\chi\},\{P_{11},\dots, P_{1n}\},\dots, \{P_{m1},\dots, P_{mn}\}\}$, identify an injective mapping $m_{SSMM}:\mathbb{N}\longrightarrow P$ such that every sample $t[i]$
maps to exactly one set of pattern components in $P$ with the condition that the sample matches an occurrence of the set of patterns in $t$.
\end{problem-statement}
The time series $t$ is a discretized, multivariate, real-valued time series.
Each sample $t[i]$ is a vector or $n$ component representing the value of each dimension of $t$ at a point in time.
Each pattern in $P$ contain multiple pattern components and represent a global pattern across all dimension of $t$.
Thus, the number of components of each pattern must be equal to the dimensions of $t$.
\subsection{Applications}
The goal of the multi-measure setup is dual.
First, correlated information allows for a more robust detection mechanism.
If all components of a machine display behaviours associated with the same global activity, the detection confidence is greater than with the global consumption only.
Second, multiple measures enable a more granular activity detection.
With the power consumption measurement of multiple components available, every combination of component's activity can be associated with a different global activity.
These changes allow for detecting potentially anomalous combinations of states and for a better understanding of the machine's behaviour.
The typical application of this technology would concern general-purpose computers or medium-complexity systems with multiple internal components.
These machines are typically difficult to profile with global consumption as each component influences the measure in a different way.
The detection of the activity can be restricted to general states like \textit{ON}, \textit{OFF}, \textit{SLEEP} or \textit{HIGH LOAD}.
While this information is still valuable, it does not enable in-depth monitoring of the machine.
\section{Multi-Source Single-Measure}
If the Single-Source Multi-Measure was looking \textit{in} a machine to get more insight, the Multi-Source Single-Measure is looking \textit{out} and considering multiple devices at once.
In a context where measuring the consumption of individual machines is not possible, the problem of disambiguation arises.
Signal disambiguation is the ability to identify the source of each component signal from a single aggregated signal.
This is a complicated problem as the different sources can affect each other, sometimes in a non-linear way.
\subsection{Problem Statement}
\begin{problem-statement}[Multi-Source Single-Measure]
Given a discretized aggregated time series $t_a = t_1 \oplus t_2 \oplus \dots \oplus t_k$ and a set of patterns $P=\{(P_1\times\dots\times P_n)\}$, identify an injective mapping $m_{MSSM}:\mathbb{N}\longrightarrow P$ such that every sample $t_a[i]$ maps to a pattern set in $P$ with the condition that the sample matches an occurrence of the pattern in $t_a$.
\end{problem-statement}
The time series $t_a$ is a discretized, mono-variate, real-valued time series.
The set of patterns $P$ is the cartesian product of the sets of patterns for each source $P_i$.
Thus, each element of $P$ is a set of $n$ patterns, each associated with one source.
Each set $P_i$ contain any number of pattern and the unknown $\chi$ pattern.
The unknown pattern is not added to the set $P$ as the set of all $\chi$ is already present and bears the same meaning.
The operator $\oplus$ is the aggregation function, generally the summation or caped summation.
In some applications, the associativity of the $\oplus$ operator can be discarded as the aggregation is performed at the physical level, instantly across all sources $t_i$.
\begin{figure}
\centering
\includegraphics[width=\textwidth]{images/mssm_illustration}
\caption{Illustration of the MSSM setup.}
\label{fig:mssm_illustration}
\end{figure}
\subsection{Applications}
The successful design of a Multi-source Single-Measure monitoring system finds its best application in an industrial setting.
Any industry that relies on many simple embedded systems to reliably perform a task can benefit from a monitoring system that is minimally disruptive to install.
For example, an assembly line can leverage hundreds of conveyor belt drivers, robotic arms, or quality assessment points.
Each type of system is simple in its design and task.
However, adding a designated power monitoring measurement device to each individual system is costly, maintenance-heavy, and it multiplies the potential points of failure.
Capturing the power consumption of these machines at a single point is an efficient way to minimize the implementation footprint while maintaining a reliable physics-based monitoring solution.
Reference in a new issue View git blame Copy permalink