HybriDG: Hybrid Dynamic Time Warping and Gaussian Distribution Model for Detecting Emerging Zero-Day Microarchitectural Side-Channel Attacks

Abstract

Microarchitectural Side-channel Attacks (SCAs) benefit from emerging hardware vulnerabilities in modern microprocessors to steal critical information from users, posing great security threats to computer systems. Several recent studies have focused on using low-level features captured from built-in Hardware Performance Counter (HPC) registers to implement accurate Machine Learning (ML)-based SCAs detectors. Nonetheless, existing ML-based SCAs detectors required prior knowledge of attacks applications to detect the pattern of side-channel attacks using a variety of microarchitectural features. In particular, the existing solutions have ignored to address the challenge of detecting sophisticated unknown (zero-day) SCAs at run-time which is a more challenging issue in today's computer systems. In addition, prior works analyzed a limited number of ML classifiers without thoroughly evaluating the detection effectiveness and computational complexity of the detectors. In response, we propose HybriDG, a hybrid lightweight model consisting of Dynamic Time Warping (DTW) followed by a Gaussian distribution model to accurately detect both known and unknown emerging SCAs at run-time. Our experimental results demonstrate that HybriDG achieves 100% detection accuracy for known attacks and 99.5% detection accuracy for unknown attacks which is significantly outperforming traditional ML algorithms, deep learning, and time series classification models by up to 80% for unknown and 8% known attack detection.