http://dx.doi.org/10.22156/CS4SMB.2018.8.6.209

Meltdown Threat Dynamic Detection Mechanism using Decision-Tree based Machine Learning Method  

Lee, Jae-Kyu (Division of Computer Engineering, Hanshin University)
Lee, Hyung-Woo (Division of Computer Engineering, Hanshin University)
Publication Information
Journal of Convergence for Information Technology / v.8, no.6, 2018, pp. 209-215
Abstract
In this paper, we propose a method to detect and block rapidly spreading Meltdown malicious code using a dynamic sandbox tool. Although patches for the Meltdown vulnerability are available, they are sometimes deliberately left unapplied because of the performance degradation they cause. We therefore propose a machine learning based method that overcomes the limitations of existing signature-based detection for infrastructures that have not been patched. First, to understand the principle of Meltdown, we analyze operating system mechanisms such as virtual memory, memory privilege checks, pipelining and speculative execution, and the CPU cache. Next, we extract data with the Linux strace tool to detect Meltdown malware. Finally, we implement a decision tree based dynamic detection mechanism that identifies Meltdown malicious code efficiently.
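The pipeline the abstract describes (strace output turned into a per-syscall feature vector, a decision tree trained on labelled traces, then applied to a new trace), as an added Python example that is not the paper's code. The traces are constructed, and treating repeated rt_sigaction calls as the suspect signal is an assumption made only to exercise the pipeline, not a finding from the paper.

```python
import re
from collections import Counter

# Constructed strace-style traces (not from the paper or its dataset). The
# authors' real feature set is not given on the page; treating repeated
# rt_sigaction calls as the "suspect" signal here is an assumption.
BENIGN = [
    ['openat(AT_FDCWD, "/etc/hosts", O_RDONLY) = 3', 'read(3, "127.0.0.1", 4096) = 9', 'close(3) = 0'],
    ['write(1, "hello\\n", 6) = 6', 'exit_group(0) = ?'],
]
SUSPECT = [
    ['rt_sigaction(SIGSEGV, {...}, NULL, 8) = 0'] * 3 + ['openat(AT_FDCWD, "/proc/version", O_RDONLY) = 3'],
    ['rt_sigaction(SIGSEGV, {...}, NULL, 8) = 0'] * 2 + ['read(3, "", 16) = 0'],
]
SYSCALL = re.compile(r"^(\w+)\(")  # strace prints "name(args) = ret" per line

def features(trace):
    """Map raw strace lines to a syscall-frequency vector (Counter; missing key -> 0)."""
    return Counter(m.group(1) for m in map(SYSCALL.match, trace) if m)

def gini(labels):
    p = sum(labels) / len(labels)
    return 2 * p * (1 - p)

def build_tree(samples, depth=0, max_depth=3):
    """samples: list of (Counter, label). Returns a leaf label or (feature, threshold, left, right)."""
    labels = [y for _, y in samples]
    if len(set(labels)) == 1 or depth == max_depth:
        return int(round(sum(labels) / len(labels)))  # majority label at the leaf
    best = None
    for f in sorted({f for x, _ in samples for f in x}):
        for t in sorted({x[f] for x, _ in samples}):
            left = [s for s in samples if s[0][f] <= t]
            right = [s for s in samples if s[0][f] > t]
            if not left or not right:
                continue
            score = sum(len(b) * gini([y for _, y in b]) for b in (left, right)) / len(samples)
            if best is None or score < best[0]:
                best = (score, f, t, left, right)
    if best is None:
        return int(round(sum(labels) / len(labels)))
    _, f, t, left, right = best
    return (f, t, build_tree(left, depth + 1, max_depth), build_tree(right, depth + 1, max_depth))

def predict(tree, x):
    # Walk the tree with one trace's feature vector; returns 0 (benign) or 1 (suspect)
    while isinstance(tree, tuple):
        f, t, left, right = tree
        tree = left if x[f] <= t else right
    return tree
```

Real traces would come from `strace -f -o trace.log <program>`; `features()` ignores non-syscall lines such as the `+++ exited with 0 +++` footer.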
Keywords
Meltdown Attack; Operating System; OS Vulnerabilities; Decision Tree; Dynamic Detection;