Vizard: Passing Over Profiling-Based Detection by Manipulating Performance Counters

Minkyu Song, Taeweon Suh, Gunjae Koo

Research output: Contribution to journalArticlepeer-review


Cache side-channel attacks have been serious security threats to server computer systems, thus researchers have proposed software-based defense approaches that can detect the security attacks. Profiling-based detectors are lightweight detection solutions that rely on hardware performance counters to identify unique cache performance behaviors by cache side-channel attacks. The detectors typically need to set appropriate criteria to differentiate between attack processes and normal applications. In this paper, we explore the limitations of profiling-based detectors that rely on hardware performance counters. We present an attack scenario, called Vizard, that can bypass the existing profiling-based detectors by manipulating cache performance behaviors of an attack process. Our analysis discloses that cache side-channel attacks include idle periods that can be exploited as attack windows for creating cache events. Vizard generates counterbalancing cache events within the attack windows to hide particular cache performance behaviors of cache side-channel attacks. Our evaluation exhibits that Vizard can effectively bypass profiling-based detectors while maintaining high attack success rates. Our research work represents that attackers can bypass the existing detection approaches by manipulating performance counters.

Original languageEnglish
Pages (from-to)48099-48112
Number of pages14
JournalIEEE Access
Publication statusPublished - 2023

Bibliographical note

Funding Information:
This work was supported in part by the Institute of Information and Communications Technology Planning and Evaluation (IITP) funded by the Korean Government (MSIT) (Research on CPU Vulnerability Detection and Validation) under Grant 2019-0-00533, in part by the ICT Creative Consilience Program under Grant IITP-2022-2020-0-01819, and in part by the National Research Foundation of Korea (NRF) funded by the Korean Government (MSIT) under Grant NRF-2022R1A2C1011469 and Grant NRF-2021R1C1C1012172.

Publisher Copyright:
© 2013 IEEE.


  • Security attacks
  • cache side-channel attacks
  • hardware performance counters
  • security attack detectors

ASJC Scopus subject areas

  • Engineering(all)
  • Materials Science(all)
  • Computer Science(all)


Dive into the research topics of 'Vizard: Passing Over Profiling-Based Detection by Manipulating Performance Counters'. Together they form a unique fingerprint.

Cite this