PerSpectron: Detecting Invariant Footprints of Microarchitectural Attacks with Perceptron
- 1 October 2020
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 1124-1137
- https://doi.org/10.1109/micro50266.2020.00093
Abstract
Detecting microarchitectural attacks is critical given their proliferation in recent years. Many of these attacks exhibit intrinsic behaviors essential to the nature of their operation, such as creating contention or misspeculation. This study systematically investigates the microarchitectural footprints of hardware-based attacks and shows how they can be detected and classified using an efficient hardware predictor. We present a methodology to use correlated microarchitectural statistics to design a hardware-based neural predictor capable of detecting and classifying microarchitectural attacks before data is leaked. Once a potential attack is detected, it can be proactively mitigated by triggering appropriate countermeasures.Our hardware-based detector, PerSpectron, uses perceptron learning to identify and classify attacks. Perceptron-based prediction has been successfully used in branch prediction and other hardware-based applications. PerSpectron has minimal performance overhead. The statistics being monitored have similar overhead to already existing performance monitoring counters. Additionally, PerSpectron operates outside the processor’s critical paths, offering security without added computation delay. Our system achieves a usable detection rate for detecting attacks such as SpectreV1, SpectreV2, SpectreRSB, Meltdown, breakingKSLR, Flush+Flush, Flush+Reload, Prime+Probe as well as cache-attack calibration programs. We also believe that the large number of diverse microarchitectural features offers both evasion resilience and interpretability—features not present in previous hardware security detectors. We detect these attacks early enough to avoid any data leakage, unlike previous work that triggers countermeasures only after data has been exposed.Keywords
Funding Information
- National Science Foundation
This publication has 44 references indexed in Scilit:
- Ensemble Learning for Low-Level Hardware-Supported Malware DetectionLecture Notes in Computer Science, 2015
- Last-Level Cache Side-Channel Attacks are PracticalPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- Malware-aware processors: A framework for efficient online malware detectionPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errorsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2014
- Non-monopolizable cachesACM Transactions on Architecture and Code Optimization, 2012
- The gem5 simulatorACM SIGARCH Computer Architecture News, 2011
- SPEC CPU2006 benchmark descriptionsACM SIGARCH Computer Architecture News, 2006
- Recognition invariance obtained by extended and invariant featuresNeural Networks, 2004
- Object Recognition with Gradient-Based LearningPublished by Springer Science and Business Media LLC ,1999
- Induction of decision treesMachine Learning, 1986