Fight Hardware with Hardware: System-wide Detection and Mitigation of Side-Channel Attacks using Performance Counters
- URL: http://arxiv.org/abs/2402.13281v1
- Date: Sun, 18 Feb 2024 15:45:38 GMT
- Title: Fight Hardware with Hardware: System-wide Detection and Mitigation of Side-Channel Attacks using Performance Counters
- Authors: Stefano CarnĂ , Serena Ferracci, Francesco Quaglia, Alessandro Pellegrini,
- Abstract summary: We present a kernel-level infrastructure that allows system-wide detection of malicious applications attempting to exploit cache-based side-channel attacks.
This infrastructure relies on hardware performance counters to collect information at runtime from all applications running on the machine.
High-level detection metrics are derived from these measurements to maximize the likelihood of promptly detecting a malicious application.
- Score: 45.493130647468675
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: We present a kernel-level infrastructure that allows system-wide detection of malicious applications attempting to exploit cache-based side-channel attacks to break the process confinement enforced by standard operating systems. This infrastructure relies on hardware performance counters to collect information at runtime from all applications running on the machine. High-level detection metrics are derived from these measurements to maximize the likelihood of promptly detecting a malicious application. Our experimental assessment shows that we can catch a large family of side-channel attacks with a significantly reduced overhead. We also discuss countermeasures that can be enacted once a process is suspected of carrying out a side-channel attack to increase the overall tradeoff between the system's security level and the delivered performance under non-suspected process executions.
Related papers
- Delay-Induced Watermarking for Detection of Replay Attacks in Linear Systems [1.143707646428782]
A state-feedback watermarking signal design for the detection of replay attacks in linear systems is proposed.
The proposed secure control scheme holds promise of being superior to conventional, feed-forward, watermarking schemes.
arXiv Detail & Related papers (2024-04-01T01:34:30Z) - Scalable Ensemble-based Detection Method against Adversarial Attacks for
speaker verification [73.30974350776636]
This paper comprehensively compares mainstream purification techniques in a unified framework.
We propose an easy-to-follow ensemble approach that integrates advanced purification modules for detection.
arXiv Detail & Related papers (2023-12-14T03:04:05Z) - A Tale of Unrealized Hope: Hardware Performance Counter Against Cache Attacks [0.76146285961466]
This paper investigates an emerging cache side channel attack defense approach involving the use of hardware performance counters (HPCs)
With numerous proposals and promising reported results, we seek to investigate whether published HPC-based detection methods are evaluated in a proper setting.
arXiv Detail & Related papers (2023-11-17T14:08:47Z) - Poisoning Retrieval Corpora by Injecting Adversarial Passages [79.14287273842878]
We propose a novel attack for dense retrieval systems in which a malicious user generates a small number of adversarial passages.
When these adversarial passages are inserted into a large retrieval corpus, we show that this attack is highly effective in fooling these systems.
We also benchmark and compare a range of state-of-the-art dense retrievers, both unsupervised and supervised.
arXiv Detail & Related papers (2023-10-29T21:13:31Z) - Towards a Near-real-time Protocol Tunneling Detector based on Machine Learning Techniques [0.0]
We present a protocol tunneling detector prototype which inspects, in near real time, a company's network traffic using machine learning techniques.
The detector monitors unencrypted network flows and extracts features to detect possible occurring attacks and anomalies.
Results show 97.1% overall accuracy and an F1-score equals to 95.6%.
arXiv Detail & Related papers (2023-09-22T09:08:43Z) - An RL-Based Adaptive Detection Strategy to Secure Cyber-Physical Systems [0.0]
Increased dependence on software based control has escalated the vulnerabilities of Cyber Physical Systems.
We propose a Reinforcement Learning (RL) based framework which adaptively sets the parameters of such detectors based on experience learned from attack scenarios.
arXiv Detail & Related papers (2021-03-04T07:38:50Z) - Aurora Guard: Reliable Face Anti-Spoofing via Mobile Lighting System [103.5604680001633]
Anti-spoofing against high-resolution rendering replay of paper photos or digital videos remains an open problem.
We propose a simple yet effective face anti-spoofing system, termed Aurora Guard (AG)
arXiv Detail & Related papers (2021-02-01T09:17:18Z) - No Need to Know Physics: Resilience of Process-based Model-free Anomaly
Detection for Industrial Control Systems [95.54151664013011]
We present a novel framework to generate adversarial spoofing signals that violate physical properties of the system.
We analyze four anomaly detectors published at top security conferences.
arXiv Detail & Related papers (2020-12-07T11:02:44Z) - Adversarial EXEmples: A Survey and Experimental Evaluation of Practical
Attacks on Machine Learning for Windows Malware Detection [67.53296659361598]
adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes.
We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks.
These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
arXiv Detail & Related papers (2020-08-17T07:16:57Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.