Victims Can Be Saviors

Abstract

Micro-architectural side-channel attacks are major threats to the most mathematically sophisticated encryption algorithms. In spite of the fact that there exist several defense techniques, the overhead of implementing the countermeasures remains a matter of concern. A promising strategy is to develop online detection and prevention methods for these attacks. Though some recent studies have devised online prevention mechanisms for some categories of these attacks, still other classes remain undetected. Moreover, to detect these side-channel attacks with minimal False Positives is a challenging effort because of the similarity of their behavior with computationally intensive applications. This article presents a generalized machine learning--based multi-layer detection technique that targets these micro-architectural side-channel attacks, while not restricting its attention only on a single category of attacks. The proposed mechanism gathers low-level system information by profiling performance counter events using Linux perf tool and then applies machine learning techniques to analyze the data. A novel approach using time-series analysis of the data is implemented to find out the correlation of the execution trace of the attack process with the secret key of encryption, which helps in dealing with False-Positives and unknown attacks. This article also provides a detailed theoretical analysis of the detection mechanism of the proposed model along with its security analysis. The experimental results show that the proposed method is superior to the state-of-the-art reported techniques with high detection accuracy, low False Positives, and low implementation overhead while being able to detect before the completion of the attack.