Browse > Article
http://dx.doi.org/10.13089/JKIISC.2020.30.6.1237

Machine Learning-Based Detection of Cache Side Channel Attack Using Performance Counter Monitor of CPU  

Hwang, Jongbae (Hoseo University)
Bae, Daehyeon (Hoseo University)
Ha, Jaecheol (Hoseo University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.30, no.6, 2020 , pp. 1237-1246 More about this Journal
Abstract
Recently, several cache side channel attacks have been proposed to extract secret information by exploiting design flaws of the microarchitecture. The Flush+Reload attack, one of the cache side channel attack, can be applied to malicious application attacks due to its properties of high resolution and low noise. In this paper, we proposed a detection system, which detects the cache-based attacks using the PCM(Performance Counter Monitor) for monitoring CPU cache activity. Especially, we observed the variation of each counter value of PCM in case of two kinds of attacks, Spectre attack and secret recovering attack during AES encryption. As a result, we found that four hardware counters were sensitive to cache side channel attacks. Our detector based on machine learning including SVM(Support Vector Machine), RF(Random Forest) and MLP(Multi Level Perceptron) can detect the cache side channel attacks with high detection accuracy.
Keywords
Cache-based Side Channel Attack; Spectre Attack; AES; Performance Counter Monitor; SVM; RF; MLP;
Citations & Related Records
연도 인용수 순위
  • Reference
1 J. Depoix and P. Altmeyer, "Detecting spectre attacks by identifying cache side-channel attacks using machine learning," Proceedings of Wiesbaden Workshop on Advanced Microkernel Operating Systems(WAMOS'18) pp. 75-85, Aug. 2018.
2 J. Cho, T. Kim, S. Kim, M. Im, T. Kim, and Y. Shin, "Real-Time Detection for Cache Side Channel Attack using Performance Counter Monitor," Applied Science, Vol. 10, Issue 3, 2019.
3 C. Cortes, and V. Vapnik, "Support-vector networks," Machine Learning, Vol. 20, Issue 3, pp. 273-297, 1995.   DOI
4 T. Hofmann, B. Scholkopf, and A. J. Smola, "Kernel Methods in Machine Learning," The Annals of Statistics, Vol. 36, No. 3, pp. 1171-1220, 2008.   DOI
5 L. Breiman, "Random Forests," Machine Learning, Vol. 45, pp. 5-32, 2001   DOI
6 R. Collobert and S. Benjio, "Links between perceptrons, MLPs and SVMs," Proceedings of the twenty-first international conference on Machine learning, ICML'04, p. 23, 2004.
7 M. Chiappetta, E. Savas, and C. Yilmaz, "Real time detection of cache-based side channel attacks using hardware performance counters," Applied Soft Computing, Vol. 49, pp. 1162-1174, 2016.   DOI
8 P. Kocher, J. Jaffe, and B. Jun, "Differential power analysis," CRYPTO'99, LNCS 1666, pp. 388-397, 1999.
9 D. Bernstein, "Cache-Timing Attacks on AES," Available at http://cr.yp.to/antiforgery/cachetiming-20050414.pdf, Apr. 2005.
10 P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz and Y. Yarom, "Spectre Attacks: Exploiting Speculative Execution," IEEE Symposium on Security and Privacy, pp. 1-19, May. 2019.
11 M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Hass, S. Mangard, P. Kocher, D. Genkin, Y. Yarom and M. Hamburg, "Meltdown: Reading Kernel Memory from User Space," Proceedings of the 27th USENIX Security Symposium, pp. 973-990, Aug. 2018.
12 Y. Yarom and K. Falkner, "FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack," Proceedings of the 23rd USENIX Security Symposium, pp. 719-732, Aug. 2014.
13 D. Gruss, C. Maurice, K. Wagner, and S. Mangard, "Flush+Flush: A Fast and Stealthy Cache Attack," DIMVA'16, LNCS 9721, pp. 279-299, 2016
14 D. Osvik, A. Shamir and E. Tromer, "Cache Attacks and Countermeasure: The Case of AES," CT-RSA'06, LNCS 3860, pp. 1-20, Feb. 2006.
15 M. Mushtaq, A. Akram, M. Bhatti, R. Rais, V. Lapotre, G. G. Gogniat, "Run-time Detection of Prime+Probe Side-Channel Attack on AES Encryption Algorithm," In Proceedings of the Global Information Infrastructure and Networking Symposium (GIIS), Oct. 2018
16 G. Irazoqui, M. Inci, T. Eisenbarth and B. Sunar, "Wait a minute! A fast, Cross-VM attack on AES," RAID'14, LNCS 8688, pp. 299-319, Sep. 2014.
17 Y. Yarom and N. Benger, "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack," IACR Cryptology ePrint Archive, Available at https://eprint.i acr.org/2014/140, 2014.