grizzly/deneir
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
deneir/BPV/emsoft2022/poster.tex
Arthur 'Grizzly' Grisel-Davy 82fafbe76f emsoft2022 poster and presentation
2022-10-10 22:22:05 -04:00

242 lines
9.8 KiB
TeX
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Cahnegs made from the paper:
% Changed the colors in the traces figure to be coloblind friendly
% Changes the labels in the traces figure to be accurate
% MUW Poster
% LaTeX Template
% Version 1.0 (31/08/2016)
% (Based on Version 1.0 (31/08/2015) of the Jacobs Portrait Poster
%
% License:
% CC BY-NC-SA 3.0 (http://creativecommons.org/licenses/by-nc-sa/3.0/)
%
% Created by:
% Nicolas Ballarini, CeMSIIS, Medical University of Vienna
% nicoballarini@gmail.com
% http://statistics.msi.meduniwien.ac.at/
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\def\footer#1{\def\insertfooter{#1}}
%--------------------------------------------------------------------------------------
% PACKAGES AND OTHER DOCUMENT CONFIGURATIONS
%--------------------------------------------------------------------------------------
\documentclass[final]{beamer}
\usepackage[size=a0]{beamerposter} % Use the beamerposter package
\usetheme{UWATposter}
\usepackage{multicol}
\usepackage{array}
\usepackage{pgf}
\usepackage{mathtools}
\usepackage{tikz}
\usetikzlibrary {arrows.meta,bending,positioning}
\usepackage{booktabs}
\usepackage[toc,acronym,abbreviations,nonumberlist,nogroupskip]{glossaries-extra}
\input{acronyms}
\usepackage{amsmath, amsthm, amssymb, amsfonts}
\usepackage{exscale}
\usepackage{xcolor}
\usepackage{ushort}
\usepackage{setspace}
\usepackage{numprint}
\usepackage{multirow}
\usepackage[square,numbers]{natbib}
\usepackage{url}
\bibliographystyle{abbrvnat}
%-----------------------------------------------
% START Set the colors
% Uncomment to apply colors you want to use.
%-----------------------------------------------
\colorlet{themecolor}{yellow_4_UW}
\usebackgroundtemplate{\includegraphics{background_poster_UWAT.pdf}}
%\colorlet{themecolor}{skinMUW}
%\colorlet{themecolor}{blueMUW}
%\usebackgroundtemplate{\includegraphics{MUW_skin.pdf}}
%%\colorlet{themecolor}{blueMUW}
%\colorlet{themecolor}{hellblauMUW}
%\usebackgroundtemplate{\includegraphics{MUW_hellblau.pdf}}
%-----------------------------------------------
% END Set the colors
%-----------------------------------------------
%-----------------------------------------------
% START Set the width of the columns
%-----------------------------------------------
\setlength{\paperwidth}{33.1in} % A0 width: 46.8in
\setlength{\paperheight}{46.8in} % A0 height: 33.1in
% % The following measures are used for 2 columns
% \setlength{\sepmargin}{0.05\paperwidth} % Separation width (white space) between columns
% \setlength{\sepwid}{0.03\paperwidth} % Separation width (white space) between columns
% \setlength{\onecolwid}{0.43\paperwidth} % Width of one column
% \setlength{\twocolwid}{0.9\paperwidth} % Width of two columns
%-----------------------------------------------------------
% The following measures are used for 3 columns
%\setlength{\sepmargin}{0.06\paperwidth} % Separation width (white space) between columns
%\setlength{\sepwid}{0.02\paperwidth} % Separation width (white space) between columns
%\setlength{\onecolwid}{0.28\paperwidth} % Width of one column
%\setlength{\twocolwid}{0.58\paperwidth} % Width of two columns
%\setlength{\threecolwid}{0.88\paperwidth} % Width of three columns
%\setlength{\columnsep}{30pt}
%-----------------------------------------------
% END Set the width of the columns
%-----------------------------------------------
%--------------------------------------------------------------------------------------
% TITLE SECTION
%--------------------------------------------------------------------------------------
%\setbeamertemplate{title}[right]
%\setbeamertemplate{frametitle}[default][left]
%\setmainfont{Georgia}
\title{Work-in-Progress: Boot Sequence Integrity Verification with Power Analysis} % Poster title
\author{Arthur Grisel-Davy, Amrita Milan Bhogayata, Srijan Pabbi, Apurva Narayan, Sebastian Fischmeister} % Author(s)
\institute{Embedded Software Group, University of Waterloo} % Institution(s)
%--------------------------------------------------------------------------------------
\begin{document}
%\addtobeamertemplate{block end}{}{\vspace*{1ex}} % White space under blocks
%\addtobeamertemplate{block alerted end}{}{\vspace*{0ex}} % White space under highlighted (alert) blocks
\setlength{\belowcaptionskip}{2ex} % White space under figures
\setlength\belowdisplayshortskip{1ex} % White space under equations
\begin{frame}[t] % The whole poster is enclosed in one beamer frame
\begin{columns}
\begin{column}{\sidemargin}\end{column}
\begin{column}{\onecolwidth}
\begin{block}{}
\begin{figure}
\centering
\includegraphics[width=0.9\onecolwidth]{images/main_illustration_p4.pdf}
\caption{Typical Intrusion Detection Systems (IDS) are Host-based (HIDS) or Network-Based (NIDS). This new Physics-Based IDS performs anomaly detection using global power consumption.}
\label{fig:main-illustration}
\end{figure}
\end{block}
\end{column}
\begin{column}{\sidemargin}\end{column}
\end{columns}
\begin{columns}[t] % The whole poster consists of two major columns
\begin{column}{\sidemargin}\end{column} % spacing between the first column and the side of the page
\begin{column}{\colwidth} % The first column
\begin{block}{Power Traces}
\begin{figure}
\includegraphics[width=0.9\linewidth]{images/Bootup_traces_TPLINK.pdf}
\caption{Power consumption of the bootup sequence of a TP-Link switch with two different firmware versions}
\label{fig:trace}
\end{figure}
\begin{itemize}
\item The power consumption offers an accurate and trusted representation of the systems state.
\item We measure the power consumption at the main power cable after the \gls{ac} to \gls{dc} conversion.
\item A script extracts and synchronizes the bootup sequences using the rising edge of the first power spike.
\end{itemize}
\end{block}
\end{column}
\begin{column}{\middlemargin}\end{column} % spacing between the two columns
\begin{column}{\colwidth} %The second column
\begin{block}{Boot Process Verifier (BPV)}
The BPV
\begin{itemize}
\item trains on a small training set of $\approx$10 normal traces.
\item does not require anomalous data to perform detection.
\item uses the IQR to set the distance threshold: $threshold = Q3 + 1.5\times (Q3-Q1)$~ \cite{han2011data}.
\item performs detection by comparing the Euclidean distance of a new trace to the average training trace.
\item detects as anomalous the bootup sequences that deviate from training. It can be due to malicious or wrong version firmware.
\end{itemize}
\vspace{2cm}
\begin{figure}
%\vspace*{-1cm}
\centering
\includegraphics[width=\linewidth]{images/illustration.pdf}
\caption{Overview of the BPV detection procedure}
\label{fig:illustration}
\end{figure}
\end{block}
\end{column}
\begin{column}{\sidemargin}\end{column}
\end{columns}
\Hrule[yellow_3_UW]{0.2cm}{1.5cm}{1.5cm}{\dimexpr 2\colwidth+\middlemargin}
\begin{columns}[t]
\begin{column}{\sidemargin}\end{column}
\begin{column}{\colwidth}
\begin{block}{Case Study: Networking devices}
\begin{itemize}
\item We selected four consumer-available networking devices.
\item We installed OpenWRT on routers and downgraded the firmware on switches to represent firmware attacks.
\item We extracted 500 bootup sequences ~\cite{dataset} per attack per machine.
\end{itemize}
\begin{table}[h]
\centering
\begin{tabular}{p{0.2\textwidth}|>{\centering}p{0.4\textwidth}|>{\centering\arraybackslash}p{0.3\textwidth}}
\textbf{Machine} & \textbf{Detection $F_1$ Score} & \textbf{Overall $F_1$ Score}\\
\midrule
TP-Link switch & 0.866 & \multirow{4}{*}{0.942}\\
HP switch & 0.983 &\\
Asus router & 1 &\\
Linksys router & 0.921 &\\
\bottomrule
\end{tabular}
\caption{Results of detection. $F_1$ scores are averaged per machine from 20 experiments.}
\label{tab:results}
\end{table}
\end{block}
\end{column}
\begin{column}{\middlemargin}\end{column}
\begin{column}{\colwidth}
\begin{block}{Conclusion}
The BPV:
\begin{itemize}
\item can reliably detect firmware tampering from the power consumption trace.
\item requires minimal training data and training time.
\item can be implemented with minimal downtime and hardware modification and applies to clientless equipment.
\end{itemize}
\end{block}
\begin{block}{Future Work}
\begin{itemize}
\item Application to a greater range of devices such as OT systems or general purpose computers.
\item Evaluation of data augmentation techniques to improve detection of low-impact attacks.
\end{itemize}
\end{block}
\end{column}
\begin{column}{\sidemargin}\end{column}
\end{columns}
\Hrule[yellow_3_UW]{0.2cm}{.5cm}{1.5cm}{\dimexpr 2\colwidth+\middlemargin}
\begin{columns}
\begin{column}{\sidemargin}\end{column}
\begin{column}{\onecolwidth}
\begin{block}{\large References}
\vspace*{-0.5cm}
%\nocite{*} % Insert publications even if they are not cited in the poster
{\footnotesize
%\bibliographystyle{plainurl}
\bibliography{bibli.bib}
}
\end{block}
\end{column}
\begin{column}{\sidemargin}\end{column}
\end{columns}
\end{frame} % End of the enclosing frame
\end{document}
Reference in a new issue View git blame Copy permalink