关键词: 缓存侧信道攻击, 缓存侧信道攻击检测, 硬件性能计数器, 特征分析, 机器学习

Abstract: Current cache side-channel attack detection technology is mainly aimed at a single attack mode. The detection methods for two to three attacks are limited and cannot fully cover it. In addition, although the detection accuracy of a single attack is high, as the number of attacks increases, the accuracy decreases and false positives are easily generated. To effectively detect cache side-channel attacks, a machine learning-based multi-target cache side-channel attack detection model was proposed, which utilizes hardware performance counters to collect various cache side-channel attack features. Initially, relevant feature analysis was conducted on various cache side-channel attack methods, and key features were selected and data sets were collected. Subsequently, independent training was carried out to establish a detection model for each attack method. Additionally, during detection, test data was processed in parallel. The detection results from multiple models are employed to ascertain the presence of any cache side-channel attack Experimental results show that this model exhibits high accuracy rates of 99.91%, 98.69% and 99.54% respectively when detecting three cache side channel attacks: Flush+Reload, Flush+Flush and Prime+Probe. Even when multiple attacks exist at the same time, various attack methods can be accurately identified.

Key words: cache side channel attack, cache side channel attack detection, hardware performance counter, feature analysis, machine learning