Multi hardware-attack dataset and ML-based detection using processor stress patterns on x86

Hardware attacks exploit the vulnerabilities discov-ered in state-of-the-art CPUs. As an example, attacks such asMeltdown and Spectre have made the headlines. To benefit fromthe vulnerabilities, hardware attacks stress tremendously somesection/s of the processor, usually the branch-prediction unit a...

Descripción completa

Detalles Bibliográficos
Autores: Andreu Gerique, David, Otero Calviño, Beatriz|||0000-0002-9194-559X, Canal Corretger, Ramon|||0000-0003-4542-204X
Tipo de recurso: artículo
Fecha de publicación:2025
País:España
Institución:Universitat Politècnica de Catalunya (UPC)
Repositorio:UPCommons. Portal del coneixement obert de la UPC
Idioma:inglés
OAI Identifier:oai:upcommons.upc.edu:2117/443421
Acceso en línea:https://hdl.handle.net/2117/443421
https://dx.doi.org/10.64552/wipiec.v11i1.94
Access Level:acceso abierto
Palabra clave:Security
Hardware attack
Spectre
Meltdown
Fallout
Machine learning
Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica
Àrees temàtiques de la UPC::Informàtica::Hardware
Àrees temàtiques de la UPC::Informàtica::Intel·ligència artificial::Aprenentatge automàtic
Descripción
Sumario:Hardware attacks exploit the vulnerabilities discov-ered in state-of-the-art CPUs. As an example, attacks such asMeltdown and Spectre have made the headlines. To benefit fromthe vulnerabilities, hardware attacks stress tremendously somesection/s of the processor, usually the branch-prediction unit andthe different cache levels. This gives us a recognizable patternand a way to implement a system capable of detecting thepresence of these attacks while monitoring the computer. In thispaper, we describe the set of hardware attacks under focus, thenwe describe how we create the dataset and, finally, the use ofmachine learning to detect the attacks in three scenarios (i.e.training on both benign applications and attacks, training ononly benign applications and training only on attacks) and twox86 CPUs (Intel and AMD). The techniques proposed are capableof achieving over 99% detection rate with a machine learningmodel. This provides a run-time solution to quickly identify theattack as it starts running and take remedial actions.