Journal of Computer Applications ›› 2024, Vol. 44 ›› Issue (6): 1862-1871.DOI: 10.11772/j.issn.1001-9081.2023060787
Special Issue: 网络空间安全
• Cyber security • Previous Articles Next Articles
Zihao YAO1,2, Yuanming LI3, Ziqiang MA1,2(), Yang LI1,2, Lianggen WEI1,2
Received:
2023-06-26
Revised:
2023-10-14
Accepted:
2023-10-23
Online:
2023-11-01
Published:
2024-06-10
Contact:
Ziqiang MA
About author:
YAO Zihao, born in 1999, M. S. candidate. His research interests include computer system security, cache side-channel attack and defense.Supported by:
姚梓豪1,2, 栗远明3, 马自强1,2(), 李扬1,2, 魏良根1,2
通讯作者:
马自强
作者简介:
姚梓豪(1999—),男,安徽省阜阳人,硕士研究生,主要研究方向:计算机系统安全、缓存侧信道攻击与防御基金资助:
CLC Number:
Zihao YAO, Yuanming LI, Ziqiang MA, Yang LI, Lianggen WEI. Multi-object cache side-channel attack detection model based on machine learning[J]. Journal of Computer Applications, 2024, 44(6): 1862-1871.
姚梓豪, 栗远明, 马自强, 李扬, 魏良根. 基于机器学习的多目标缓存侧信道攻击检测模型[J]. 《计算机应用》唯一官方网站, 2024, 44(6): 1862-1871.
Add to citation manager EndNote|Ris|BibTeX
URL: https://www.joca.cn/EN/10.11772/j.issn.1001-9081.2023060787
事件名称 | 事件简称 |
---|---|
cache-miss | 缓存未命中 |
cache-reference | 缓存访问 |
L1-dcache-load-miss | L1数据缓存读取失败 |
L1-dcache-load | L1数据缓存读取 |
LLC-load-miss | LLC读取失败 |
LLC-load | LLC读取 |
DTLB-load-miss | DTLB读取失败 |
DTLB-load | DTLB读取 |
cache-miss-rate | 缓存未命中率 |
LLC-load-miss-rate | LLC缓存未命中率 |
DTLB-load-miss-rate | DTLB未命中率 |
L1-dcache-miss-rate | L1数据缓存未命中率 |
Tab. 1 List of related hardware events
事件名称 | 事件简称 |
---|---|
cache-miss | 缓存未命中 |
cache-reference | 缓存访问 |
L1-dcache-load-miss | L1数据缓存读取失败 |
L1-dcache-load | L1数据缓存读取 |
LLC-load-miss | LLC读取失败 |
LLC-load | LLC读取 |
DTLB-load-miss | DTLB读取失败 |
DTLB-load | DTLB读取 |
cache-miss-rate | 缓存未命中率 |
LLC-load-miss-rate | LLC缓存未命中率 |
DTLB-load-miss-rate | DTLB未命中率 |
L1-dcache-miss-rate | L1数据缓存未命中率 |
硬件事件 | 攻击种类 | 程序 | ||||
---|---|---|---|---|---|---|
F+R | F+F | P+P | hello_ word | network music | while | |
cache-miss | 高 | 高 | 高 | 低 | 低 | 低 |
cache-reference | 高 | 高 | 低 | 低 | 低 | 低 |
L1-dcache-load | 高 | 低 | 高 | 低 | 低 | 低 |
L1-dcache-load-miss | 高 | 低 | 中 | 低 | 低 | 低 |
DTLB-load | 高 | 中 | 高 | 中 | 低 | 低 |
DTLB-load-miss | 高 | 中 | 低 | 低 | 低 | 低 |
LLC-load-miss | 高 | 中 | 低 | 低 | 低 | 低 |
LLC-load | 高 | 中 | 低 | 低 | 低 | 低 |
cache-miss-rate | 高 | 高 | 高 | 低 | 低 | 低 |
L1-dcache-miss-rate | 低 | 中 | 低 | 低 | 低 | 低 |
LLC-load-miss-rate | 高 | 中 | 高 | 低 | 低 | 低 |
DTLB-load-miss-rate | 低 | 中 | 低 | 低 | 低 | 低 |
Tab.2 Correlation between cache side-channel attack features and related hardware events
硬件事件 | 攻击种类 | 程序 | ||||
---|---|---|---|---|---|---|
F+R | F+F | P+P | hello_ word | network music | while | |
cache-miss | 高 | 高 | 高 | 低 | 低 | 低 |
cache-reference | 高 | 高 | 低 | 低 | 低 | 低 |
L1-dcache-load | 高 | 低 | 高 | 低 | 低 | 低 |
L1-dcache-load-miss | 高 | 低 | 中 | 低 | 低 | 低 |
DTLB-load | 高 | 中 | 高 | 中 | 低 | 低 |
DTLB-load-miss | 高 | 中 | 低 | 低 | 低 | 低 |
LLC-load-miss | 高 | 中 | 低 | 低 | 低 | 低 |
LLC-load | 高 | 中 | 低 | 低 | 低 | 低 |
cache-miss-rate | 高 | 高 | 高 | 低 | 低 | 低 |
L1-dcache-miss-rate | 低 | 中 | 低 | 低 | 低 | 低 |
LLC-load-miss-rate | 高 | 中 | 高 | 低 | 低 | 低 |
DTLB-load-miss-rate | 低 | 中 | 低 | 低 | 低 | 低 |
选取 特征 | 攻击种类 | ||
---|---|---|---|
F+R | F+F | P+P | |
特征1 | cache-miss | cache-miss | cache-miss |
特征2 | LLC-load-miss | cache-reference | L1-dcache-load-miss |
Tab.3 Selection results of cache side-channel attack features
选取 特征 | 攻击种类 | ||
---|---|---|---|
F+R | F+F | P+P | |
特征1 | cache-miss | cache-miss | cache-miss |
特征2 | LLC-load-miss | cache-reference | L1-dcache-load-miss |
攻击种类 | 算法 | 准确度 | 检测速度 | 假阳性 | 假阴性 | 性能开销 |
---|---|---|---|---|---|---|
Flush+Reload | SVM | 99.96 | 0.98 | 0.04 | 0.00 | 1.7 |
LR | 99.95 | 0.98 | 0.05 | 0.00 | 1.6 | |
k-NN | 99.92 | 0.96 | 0.08 | 0.00 | 0.9 | |
DT | 99.86 | 0.95 | 0.14 | 0.01 | 1.4 | |
NB | 99.89 | 0.96 | 0.11 | 0.04 | 1.3 | |
Flush+Flush | SVM | 98.82 | 0.98 | 1.18 | 0.01 | 1.7 |
LR | 99.21 | 0.98 | 0.69 | 0.00 | 1.6 | |
k-NN | 98.22 | 0.96 | 1.78 | 0.04 | 0.9 | |
DT | 98.36 | 0.95 | 1.64 | 0.02 | 1.4 | |
NB | 98.49 | 0.96 | 1.51 | 0.01 | 1.3 | |
Prime+Probe | SVM | 99.68 | 0.98 | 0.32 | 0.00 | 1.7 |
LR | 99.97 | 0.98 | 0.03 | 0.00 | 1.6 | |
k-NN | 99.72 | 0.96 | 0.28 | 0.01 | 0.9 | |
DT | 99.86 | 0.95 | 0.14 | 0.00 | 1.4 | |
NB | 99.84 | 0.96 | 0.16 | 0.02 | 1.3 |
Tab.4 Algorithm performance detection results for different types of attacks
攻击种类 | 算法 | 准确度 | 检测速度 | 假阳性 | 假阴性 | 性能开销 |
---|---|---|---|---|---|---|
Flush+Reload | SVM | 99.96 | 0.98 | 0.04 | 0.00 | 1.7 |
LR | 99.95 | 0.98 | 0.05 | 0.00 | 1.6 | |
k-NN | 99.92 | 0.96 | 0.08 | 0.00 | 0.9 | |
DT | 99.86 | 0.95 | 0.14 | 0.01 | 1.4 | |
NB | 99.89 | 0.96 | 0.11 | 0.04 | 1.3 | |
Flush+Flush | SVM | 98.82 | 0.98 | 1.18 | 0.01 | 1.7 |
LR | 99.21 | 0.98 | 0.69 | 0.00 | 1.6 | |
k-NN | 98.22 | 0.96 | 1.78 | 0.04 | 0.9 | |
DT | 98.36 | 0.95 | 1.64 | 0.02 | 1.4 | |
NB | 98.49 | 0.96 | 1.51 | 0.01 | 1.3 | |
Prime+Probe | SVM | 99.68 | 0.98 | 0.32 | 0.00 | 1.7 |
LR | 99.97 | 0.98 | 0.03 | 0.00 | 1.6 | |
k-NN | 99.72 | 0.96 | 0.28 | 0.01 | 0.9 | |
DT | 99.86 | 0.95 | 0.14 | 0.00 | 1.4 | |
NB | 99.84 | 0.96 | 0.16 | 0.02 | 1.3 |
算法 | 攻击 种类 | 准确度 | 检测 速度 | 假阳性 | 假阴性 | 性能 开销 |
---|---|---|---|---|---|---|
SVM(双目标) | F+R | 98.65 | 1.23 | 1.35 | 0.32 | 2.6 |
F+F | 96.85 | 3.15 | 0.41 | |||
P+P | 99.01 | 0.99 | 0.03 | |||
SVM(三目标) | F+R | 97.54 | 4.52 | 2.46 | 0.36 | 3.2 |
F+F | 95.22 | 4.78 | 0.38 | |||
P+P | 98.45 | 1.55 | 0.05 |
Tab.5 Multi-object single-model detection results
算法 | 攻击 种类 | 准确度 | 检测 速度 | 假阳性 | 假阴性 | 性能 开销 |
---|---|---|---|---|---|---|
SVM(双目标) | F+R | 98.65 | 1.23 | 1.35 | 0.32 | 2.6 |
F+F | 96.85 | 3.15 | 0.41 | |||
P+P | 99.01 | 0.99 | 0.03 | |||
SVM(三目标) | F+R | 97.54 | 4.52 | 2.46 | 0.36 | 3.2 |
F+F | 95.22 | 4.78 | 0.38 | |||
P+P | 98.45 | 1.55 | 0.05 |
攻击种类 | 准确度 | 检测速度 | 假阳性 | 假阴性 | 性能开销 |
---|---|---|---|---|---|
Flush+Reload | 99.91 | 0.9 | 0.09 | 0.00 | 5.2 |
Flush+Flush | 98.69 | 1.0 | 1.31 | 0.01 | |
Prime+Probe | 99.54 | 0.9 | 0.46 | 0.00 | |
其他异常 | 97.23 | 1.2 | 2.77 | 0.02 |
Tab.6 Independent and identically distributed model detection results
攻击种类 | 准确度 | 检测速度 | 假阳性 | 假阴性 | 性能开销 |
---|---|---|---|---|---|
Flush+Reload | 99.91 | 0.9 | 0.09 | 0.00 | 5.2 |
Flush+Flush | 98.69 | 1.0 | 1.31 | 0.01 | |
Prime+Probe | 99.54 | 0.9 | 0.46 | 0.00 | |
其他异常 | 97.23 | 1.2 | 2.77 | 0.02 |
模型 | 攻击种类 | 准确度 | 检测速度 | 性能 开销 |
---|---|---|---|---|
文献[ | P+P | 100.00 | <2 | |
文献[ | F+R | 99.85 | ||
F+F | ||||
P+P | ||||
文献[ | F+R | 97.00 | <2 | |
P+P | 98.00 | |||
文献[ | P+P | 100.00 | <5 | |
F+R | 100.00 | |||
文献[ | P+P | 100.00 | ||
文献[ | F+R | 100.00 | <2 | |
P+P | 100.00 | |||
文献[ | F+R | 100.00 | ||
文献[ | P+P | 100.00 | <2 | |
本文模型 | F+R | 99.91 | 0.9 | <8 |
F+F | 98.69 | 1.0 | ||
P+P | 99.54 | 0.9 | ||
Anomaly detection | 97.23 | 1.2 |
Tab.7 Comparative analysis among different models
模型 | 攻击种类 | 准确度 | 检测速度 | 性能 开销 |
---|---|---|---|---|
文献[ | P+P | 100.00 | <2 | |
文献[ | F+R | 99.85 | ||
F+F | ||||
P+P | ||||
文献[ | F+R | 97.00 | <2 | |
P+P | 98.00 | |||
文献[ | P+P | 100.00 | <5 | |
F+R | 100.00 | |||
文献[ | P+P | 100.00 | ||
文献[ | F+R | 100.00 | <2 | |
P+P | 100.00 | |||
文献[ | F+R | 100.00 | ||
文献[ | P+P | 100.00 | <2 | |
本文模型 | F+R | 99.91 | 0.9 | <8 |
F+F | 98.69 | 1.0 | ||
P+P | 99.54 | 0.9 | ||
Anomaly detection | 97.23 | 1.2 |
1 | 梁鑫,桂小林,戴慧琚,等.云环境中跨虚拟机的cache侧信道攻击技术研究 [J].计算机学报,2017,40(2):317-336. |
LIANG X, GUI X L, DAI H J, et al. Cross-VM cache side channel attacks in cloud: a survey [J]. Chinese Journal of Computers, 2017, 40(2):317-336. | |
2 | GULMEZOGLU B, INCI M, IRAZOQUI G, et al. Cross-VM cache attacks on AES [J]. IEEE Transactions on on Multi-Scale Computing Systems, 2016, 2(3): 211-222. |
3 | M-M BAZM, SAUTEREAU T, LACOSTE M, et al. Cache-based side-channel attacks detection through Intel cache monitoring technology and hardware performance counters [C]// Proceedings of the 2018 Third International Conference on Fog & Mobile Edge Computing. Piscataway: IEEE, 2018: 7-12. |
4 | YOON J W, HONG T Y, PARK C Y, et al. Stable HPC cluster management scheme through performance evaluation [C]// Proceedings of the 2015 Computer Science and its Applications, LNEE 330. Berlin: Springer, 2015: 1017-1023. |
5 | DOYCHEV G, FELD D, KÖPF B, et al. CacheAudit: a tool for the static analysis of cache side channels [J]. ACM Transactions on Information and System Security, 2015, 18(1): Article No. 4. |
6 | MUSHTAQ M, AKRAM A, BHATTI M K, et al. NIGHTs-WATCH: a cache-based side-channel intrusion detector using hardware performance counters[C]// Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy. New York: ACM, 2018: Article No. 1. |
7 | AHMAD B A. Real time detection of spectre and meltdown attacks using machine learning[EB/OL]. (2020-06-02) [2023-04-23]. . |
8 | HETTWER B, GEHRER S, GÜNEYSU T. Applications of machine learning techniques in side-channel attacks: a survey [J]. Journal of Cryptographic Engineering, 2020, 10: 135-162. |
9 | MAVROFORAKIS M E, THEODORIDIS S. A geometric approach to Support Vector Machine (SVM) classification [J]. IEEE Transactions on Neural Networks, 2006, 17(3): 671-682. |
10 | TONG Z, ZHU Z, WANG Z, et al. Cache side-channel attacks detection based on machine learning[C]// Proceedings of the 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications. Piscataway: IEEE, 2020: 919-926. |
11 | RAJ A, DHARANIPRAGADA J. Keep the PokerFace on! Thwarting cache side channel attacks by memory bus monitoring and cache obfuscation [J]. Journal of Cloud Computing, 2017, 6(1): Article No. 28. |
12 | ZHANG Y, JUELS A, REITER M K, et al. Cross-VM side channels and their use to extract private keys[C]// Proceedings of the 2012 ACM Conference on Computer and Communications Security. New York: ACM, 2012: 305-316. |
13 | KOCHER P, HORN J, FOGH A, et al. Spectre attacks: exploiting speculative execution[J]. Communications of the ACM, 2020, 63(7): 93-101. |
14 | YAROM Y, FALKNER K. FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack [C]// Proceedings of the 23rd USENIX Security Symposium. Berkeley: USENIX Association, 2014: 719-732. |
15 | YAROM Y, BENGER N. Recovering OpenSSL ECDSA nonces using the FLUSH+RELOAD cache side-channel attack [J]. Cryptology ePrint Archive, 2014, 2014: 140. |
16 | GRUSS D, MAURICE C, WAGNER K, et al. Flush+Flush: a fast and stealthy cache attack [C]// Proceedings of the 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Cham: Springer, 2016: 279-299. |
17 | LIU F, YAROM Y, GE Q, et al. Last-level cache side-channel attacks are practical [C]// Proceedings of the 2015 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2015: 605-622. |
18 | COVER T, HART P. Nearest neighbor pattern classification [J]. IEEE Transactions on Information Theory, 1967, 13(1): 21-27. |
19 | LaVALLEY M P. Logistic regression[J]. Circulation, 2008, 117(18): 2395-2399. |
20 | UTGOFF P E. Incremental induction of decision trees [J]. Machine Learning, 1989, 4: 161-186. |
21 | McCALLUM A, NIGAM K. A comparison of event models for Naive Bayes text classification: WS-98-05 [R]. Menlo Park: AAAI Press, 1998: 41-48. |
22 | 左英泽. 基于机器学习的混合侧信道攻击检测方法研究[D]. 长春:吉林大学, 2023:26-28. |
ZUO Y Z. Research on hybrid side channel attack detection method based on machine learning [D]. Changchun: Jilin University, 2023: 26-28. | |
23 | ALLAF Z, ADDA M, GEGOV A. A comparison study on Flush+Reload and Prime+Probe attacks on AES using machine learning approaches [C]// Proceedings of the 17th UK Workshop on Computational Intelligence. Cham: Springer, 2017: 203-213. |
24 | ZHANG T, ZHANG Y, LEE R B. CloudRadar: a real-time side-channel attack detection system in clouds [C]// Proceedings of the 19th International Symposium on Research in Attacks, Intrusions, and Defenses. Cham: Springer, 2016: 118-140. |
25 | SABBAGH M, FEI Y, WAHL T, et al. SCADET: a side-channel attack detection tool for tracking prime+probe [C]// Proceedings of 2018 IEEE/ACM International Conference on Computer-Aided Design. New York: ACM, 2018: 1-8. |
26 | PAYER M. HexPADS: a platform to detect “stealth” attacks [C]// Proceedings of the 8th International Symposium on Engineering Secure Software and Systems. Cham: Springer, 2016: 138-154. |
27 | PENG S-H, ZHOU Q-F, ZHAO J-L. Detection of cache-based side channel attack based on performance counters[C]// Proceedings of the 2017 3rd International Conference on Artificial Intelligence and Industrial Engineering. [S.l.]: DEStech Publications, 2017: 377-381. |
28 | MUSHTAQ M, AKRAM A, BHATTI M K, et al. Run-time detection of Prime+Probe side-channel attack on AES encryption algorithm[C]// Proceedings of the 2018 Global Information Infrastructure and Networking Symposium. Piscataway: IEEE, 2018: 1-5. |
[1] | Xuebin CHEN, Zhiqiang REN, Hongyang ZHANG. Review on security threats and defense measures in federated learning [J]. Journal of Computer Applications, 2024, 44(6): 1663-1672. |
[2] | Yi ZHENG, Cunyi LIAO, Tianqian ZHANG, Ji WANG, Shouyin LIU. Image denoising-based cell-level RSRP estimation method for urban areas [J]. Journal of Computer Applications, 2024, 44(3): 855-862. |
[3] | Wei SHE, Yang LI, Lihong ZHONG, Defeng KONG, Zhao TIAN. Hyperparameter optimization for neural network based on improved real coding genetic algorithm [J]. Journal of Computer Applications, 2024, 44(3): 671-676. |
[4] | Xuebin CHEN, Changsheng QU. Overview of backdoor attacks and defense in federated learning [J]. Journal of Computer Applications, 2024, 44(11): 3459-3469. |
[5] | Renke SUN, Zhiyu HUANGFU, Hu CHEN, Zhongnian LI, Xinzheng XU. Survey of neural architecture search [J]. Journal of Computer Applications, 2024, 44(10): 2983-2994. |
[6] | Wenze CHAI, Jing FAN, Shukui SUN, Yiming LIANG, Jingfeng LIU. Overview of deep metric learning [J]. Journal of Computer Applications, 2024, 44(10): 2995-3010. |
[7] | Chunyong YIN, Yongcheng ZHOU. Automatically adjusted clustered federated learning for double-ended clustering [J]. Journal of Computer Applications, 2024, 44(10): 3011-3020. |
[8] | Haoyang CUI, Hui ZHANG, Lei ZHOU, Chunming YANG, Bo LI, Xujian ZHAO. Multi-similarity K-nearest neighbor classification algorithm with ordered pairs of normalized real numbers [J]. Journal of Computer Applications, 2023, 43(9): 2673-2678. |
[9] | Jing ZHONG, Chen LIN, Zhiwei SHENG, Shibin ZHANG. Quantum K-Means algorithm based on Hamming distance [J]. Journal of Computer Applications, 2023, 43(8): 2493-2498. |
[10] | Mengjie LAN, Jianping CAI, Lan SUN. Self-regularization optimization methods for Non-IID data in federated learning [J]. Journal of Computer Applications, 2023, 43(7): 2073-2081. |
[11] | Xiaohui HUANG, Kaiming YANG, Jiahao LING. Order dispatching by multi-agent reinforcement learning based on shared attention [J]. Journal of Computer Applications, 2023, 43(5): 1620-1624. |
[12] | Shaochen HAO, Zizuan WEI, Yao MA, Dan YU, Yongle CHEN. Network intrusion detection model based on efficient federated learning algorithm [J]. Journal of Computer Applications, 2023, 43(4): 1169-1175. |
[13] | Xiaofei SUN, Jingyuan ZHU, Bin CHEN, Hengzhi YOU. Virtual screening of drug synthesis reaction based on multimodal data fusion [J]. Journal of Computer Applications, 2023, 43(2): 622-629. |
[14] | Junpeng ZHANG, Yujie SHI, Rui JANG, Jingjing DONG, Changjian QIU. Review on advances in recognition and classification of cognitive impairment based on EEG signals [J]. Journal of Computer Applications, 2023, 43(10): 3297-3308. |
[15] | Hongliang LI, Nong ZHANG, Ting SUN, Xiang LI. Performance interference analysis and prediction for distributed machine learning jobs [J]. Journal of Computer Applications, 2022, 42(6): 1649-1655. |
Viewed | ||||||
Full text |
|
|||||
Abstract |
|
|||||