Deep Learning-Based Detection for Multiple Cache Side-Channel Attacks

Hodong Kim, Changhee Hahn, Hyunwoo J. Kim, Youngjoo Shin, Junbeom Hur

Research output: Contribution to journalArticlepeer-review

Abstract

A cache side-channel attack retrieves victim's sensitive information from a system by exploiting shared cache of CPUs. Since conventional cache side-channel attacks such as FLUSH+RELOAD and PRIME+PROBE are likely to incur numerous cache events, such as cache hits and misses, many previous strategies have focused on monitoring cache events for attack detection. However, as recently proposed attacks such as PRIME+ABORT have exploited the other events as side-channels, it has become challenging to detect them by monitoring only cache events. In this paper, we investigate PRIME+ABORT attack and identifies Intel TSX hardware events are tightly coupled with it as well as cache events. Based on our finding, we propose a novel deep learning-based cache side-channel attack detection method called FRIME. It can concurrently detect not only the conventional attacks such as FLUSH+RELOAD, PRIME+PROBE, but also PRIME+ABORT by leveraging both event types. In order to demonstrate the efficacy of our cache side-channel attack detection scheme in diverse workload conditions in the real world, we implement it using MLP, RNN, and LSTM deep learning models, demonstrating LSTM-based method outperforms the other implementations in terms of detection accuracy.

Original languageEnglish
Pages (from-to)1672-1686
Number of pages15
JournalIEEE Transactions on Information Forensics and Security
Volume19
DOIs
Publication statusPublished - 2024

Bibliographical note

Publisher Copyright:
© 2005-2012 IEEE.

Keywords

  • Cache side-channel attack detection
  • FLUSH+RE-LOAD
  • multiclass classification
  • PRIME+ABORT
  • PRIME+PROBE

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Deep Learning-Based Detection for Multiple Cache Side-Channel Attacks'. Together they form a unique fingerprint.

Cite this