结合决策树和AdaBoost的缓存侧信道攻击检测

摘要/Abstract

摘要： 缓存侧信道攻击严重威胁各类系统的安全，对攻击进行检测可以有效阻断攻击。为此，提出了一种基于决策树和AdaBoost的AD检测模型，通过匹配系统硬件事件信息特征，快速有效地识别缓存侧信道攻击。首先，分析缓存侧信道攻击特点，提取攻击硬件事件特征模式。其次，利用决策树的快速响应能力，同时结合AdaBoost对数据样本进行加权迭代，对采集的不同负载下的特征数据进行模型训练，优化检测模型在不同负载时的整体检测精度。实验结果表明，该模型在不同系统负载条件下的检测精度均不低于98.8%，能够快速准确地检测出缓存侧信道攻击。

关键词: 系统安全, 缓存侧信道攻击, 机器学习, 检测方法

Abstract: Cache side-channel attacks pose a serious threat to the security of various systems, and detecting the attacks can effectively block the attacks. Therefore, an AD detection model based on decision tree and AdaBoost is proposed to quickly and effectively identify cache side-channel attacks by matching system hardware event information features. Firstly, the characteristics of cache side-channel attacks are analyzed, and attack hardware event feature patterns are extracted. Secondly, the decision tree's rapid response capability is utilized, combined with AdaBoost's weighted iterative learning of data samples, to train the model on different load conditions. The model is optimized to improve the overall detection accuracy under different loads. Experimental results show that the detection accuracy of this model under different system load conditions is not less than 98.8%, and it can quickly and accurately detect cache side-channel attacks.

Key words: system security, cache side-channel attack, machine learning, detection method

李扬, 尹大鹏, 马自强, 姚梓豪, 魏良根, . 结合决策树和AdaBoost的缓存侧信道攻击检测[J]. 计算机工程与科学, 2024, 46(03): 440-452.

LI Yang, YIN Da-peng, MA Zi-qiang , YAO Zi-hao, WEI Liang-gen, . Cache side-channel attack detection combining decision tree and AdaBoost[J]. Computer Engineering & Science, 2024, 46(03): 440-452.

参考文献［41］

［1］	Kocher P C.Timing attacks on implementations of Diffie-Hellman,RSA,DSS,and other systems［C］∥Proc of the 16th Annual International Cryptology Conference,1996:104-113.
［2］	Kocher P,Jaffe J,Jun B.Differential power analysis［C］∥Proc of the 19th Annual International Cryptology Conference,1999:388-397.
［3］	Mangard S.A simple power-analysis (SPA) attack on implementations of the AES key expansion［C］∥Proc of the 5th International Conference on Information Security and Cryptology,2003:343-358.
［4］	Brier E,Clavier C,Olivier F.Correlation power analysis with a leakage model［C］∥Proc of the 6th International Conference on Cryptographic Hardware and Embedded Systems,2004:16-29.
［5］	Bernstein D J. Cache-timing attacks on AES ［EB/OL］. ［2023-05-23］. https://mimoza.mamara.edu.tr/~mskalli/cse466_09/cache timing-20050414.pdf.
［6］	Hund R,Willems C,Holz T.Practical timing side channel attacks against kernel space ASLR［C］∥Proc of 2013 IEEE Symposium on Security and Privacy,2013:191-205.
［7］	Osvik D A,Shamir A,Tromer E.Cache attacks and countermeasures:The case of AES［C］∥Proc of the Cryptographers’ Track at the RSA Conference,2006:1-20.
［8］	Zhang Y,Juels A,Reiter M K,et al.Cross-VM side channels and their use to extract private keys［C］∥Proc of the 2012 ACM Conference on Computer and Communications Security,2012:305-316.
［9］	Yarom Y, Genkin D,Heninger N.CacheBleed:A timing attack on OpenSSL constant-time RSA［J］.Journal of Cryptographic Engineering,2017,7:99-112.
［10］	Kocher P,Horn J,Fogh A,et al.Spectre attacks:Exploiting speculative execution［J］.Communications of the ACM,2020,63(7):93-101.
［11］	Lipp M,Schwarz M,Gruss D,et al.Meltdown:Reading kernel memory from user space［J］.Communications of the ACM,2020,63(6):46-56.
［12］	van Bulck J, Minkin M,Weisse O,et al.Foreshadow:Extracting the keys to the Intel SGX kingdom with transient out-of-order execution［C］∥Proc of the 27th USENIX Conference on Security Symposium,2018:991-1008.
［13］	Chen G X,Chen S C,Xiao Y,et al.SgxPectre:Stealing Intel secrets from SGX enclaves via speculative execution［C］∥Proc of 2019 IEEE European Symposium on Security and Privacy,2019:142-157.
［14］	Su C,Zeng Q.Survey of CPU cache-based side-channel attacks:Systematic analysis,security models,and countermeasures［J］.Security and Communication Networks,2021:1-15.
［15］	Gruss D,Maurice C,Wagner K,et al.Flush+Flush:A fast and stealthy cache attack［C］∥Proc of the 13th International Conference on Detection of Intrusions and Malware,and Vulnerability Assessment,2016:279-299.
［16］	Yarom Y, Falkner K.Flush+Reload:A high resolution,low noise,L3 cache side-channel attack［C］∥Proc of the 23rd USENIX Security Symposium, 2014:719-732.
［17］	Liu F,Yarom Y,Ge Q,et al.Last-level cache side-channel attacks are practical［C］∥Proc of 2015 IEEE Symposium on Security and Privacy,2015:605-622.
［18］	Briongos S,Malagón P,Moya J M,et al.Reload+Refresh:Abusing cache replacement policies to perform stealthy cache attacks［C］∥Proc of the 29th USENIX Conference on Security Symposium,2020:1967-1984.
［19］	Mushtaq M,Akram A,Bhatti M K,et al.Nights-watch:A cache-based side-channel intrusion detector using hardware performance counters［C］∥Proc of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy,2018:1-8.
［20］	Allaf Z,Adda M,Gegov A.A comparison study on Flush+Reload and Prime+Probe attacks on AES using machine learning approaches［C］∥Proc of the 17th UK Workshop on Computational Intelligence:Advances in Computational Intelligence Systems,2018:203-213.
［21］	Briongos S,Irazoqui G,Malagón P,et al.CacheShield:Detecting cache attacks through self-observation［C］∥Proc of the 8th ACM Conference on Data and Application Security and Privacy,2018:224-235.
［22］	Tong Z,Zhu Z,Wang Z,et al.Cache side-channel attacks detection based on machine learning［C］∥Proc of 2020 IEEE 19th International Conference on Trust,Security and Privacy in Computing and Communications,2020:919-926.
［23］	Kulah Y, Dincer B, Yilmaz C,et al.SpyDetector:An approach for detecting side-channel attacks at runtime［J］.International Journal of Information Security,2019,18:393-422.
［24］	Demme J,Maycock M,Schmitz J,et al.On the feasibility of online malware detection with performance counters［C］∥Proc of the 40th Annual International Symposium on Computer Architecture,2013:559-570.
［25］	Wang H, Sayadi H,Kolhe G,et al.Phased-guard:Multi-phase machine learning framework for detection and identification of zero-day microarchitectural side-channel attacks［C］∥Proc of 2020 IEEE 38th International Conference on Computer Design,2020:648-655.
［26］	Ou Y, Li L.Side-channel analysis attacks based on deep learning network［J］.Frontiers of Computer Science,2022,16:10-11.
［27］	Gruss D,Spreitzer R,Mangard S.Cache template attacks:Automating attacks on inclusive last-level caches［C］ ∥Proc of the 24th USENIX Security Symposium,2015:897-912.
［28］	Le A T,Hoang T T,Dao B A,et al.A real-time cache side-channel attack detection system on RISC-V out-of-order processor［J］.IEEE Access,2021,9:164597-164612.
［29］	Sangeetha G,Sumathi G.An optimistic technique to detect cache based side channel attacks in cloud［J］.Peer-to-Peer Networking and Applications,2021,14:2473-2486.
［30］	Zhang T,Zhang Y,Lee R B.Analyzing cache side channels using deep neural networks［C］∥Proc of the 34th Annual Computer Security Applications Conference,2018:174-186.
［31］	Gnanavel S,Narayana K E,Jayashree K,et al.Implementation of block-level double encryption based on machine learning techniques for attack detection and prevention［J］.Wireless Communications and Mobile Computing,2022(2):21-30.
［32］	Oshana R,Thornton M A,Caraman M.A side channel attack detection system using processor core events and a support vector machine［C］∥Proc of 2022 11th Mediterranean Conference on Embedded Computing,2022:1-8.
［33］	Chiappetta M,Savas E,Yilmaz C.Real time detection of cache-based side-channel attacks using hardware performance counters［J］.Applied Soft Computing,2016,49:1162-1174.
［34］	Irazoqui G,Inci M S,Eisenbarth T,et al.Know thy neighbor:Cryptolibrary detection in cloud［J］.Proceedings on Privacy Enhancing Technologies,2015,2015:25-40.
［35］	Zhang T W, Zhang Y Q,Lee R B.CloudRadar:A real-time side-channel attack detection system in clouds［C］∥Proc of the 19th International Symposium on Research in Attacks,Intrusions,and Defenses,2016:118-140.
［36］	Shusterman A,Kang L,Haskal Y,et al.Robust website fingerprinting through the cache occupancy channel［C］∥Proc of the 28th USENIX Security Symposium,2019:639-656.
［37］	Chen J, Venkataramani G.CC-Hunter:Uncovering covert timing channels on shared processor hardware［C］∥Proc of the 47th Annual IEEE/ACM International Symposium on Microarchitecture,2014:216-228.
［38］	Sabbagh M,Fei Y S,Wahl T,et al.SCADET:A side-channel attack detection tool for tracking prime-probe［C］∥Proc of 2018 IEEE/ACM International Conference on Computer-Aided Design,2018:1-8.
［39］	Bazm M-M,Sautereau T,Lacoste M,et al.Cache-based side-channel attacks detection through Intel cache monitoring technology and hardware performance counters［C］∥Proc of 2018 3rd International Conference on Fog and Mobile Edge Computing,2018:7-12.
［40］	Wang Z, Taram M,Moghimi D,et al.NVLeak:Off-chip side-channel attacks via non-volatile memory systems［C］∥Proc of the 32nd USENIX Security Symposium,2023:6771-6788.
［41］	Cook J,Drean J,Behrens J,et al.There’s always a bigger fish:A clarifying analysis of a machine-learning-assisted side-channel attack［C］∥Proc of the 49th Annual International Symposium on Computer Architecture,2022:204-217.

[1]	黄鹏程, 冯超超, 马驰远, . 未知工艺角下时序违反的机器学习预测[J]. 计算机工程与科学, 2024, 46(03): 395-399.
[2]	彭畅, 刘青枝, 陈长波, . 多面体模型下的循环置换与自动调优[J]. 计算机工程与科学, 2023, 45(12): 2121-2134.
[3]	赵振宇, 杨天豪, 蒋汶乘, 张书政. 基于机器学习的多压多温多参标准单元延迟快速计算方法[J]. 计算机工程与科学, 2023, 45(08): 1331-1338.
[4]	李小玲, 方建滨, 马俊, 谭霜, 谭郁松. 基于监督学习的稀疏矩阵自动任务分配[J]. 计算机工程与科学, 2023, 45(05): 782-789.
[5]	胡艳芳, 熊文, 高炜. 基于 Spark 平台的网络游戏用户流失预测方法[J]. 计算机工程与科学, 2022, 44(10): 1730-1737.
[6]	唐阳坤, 鲜港, 杨文祥, 喻杰, 张晓蓉, 王耀彬. 基于用户行为的超级计算机作业失败预测方法[J]. 计算机工程与科学, 2022, 44(10): 1753-1761.
[7]	楚阳, 徐文龙. 基于计算机辅助诊断技术的阿尔兹海默症早期分类研究综述[J]. 计算机工程与科学, 2022, 44(05): 879-893.
[8]	崔弘, 赵双, 张广胜, 苏金树. 基于机器学习的移动代理应用流量识别方法[J]. 计算机工程与科学, 2022, 44(04): 654-664.
[9]	刘国强, 赵振宇, 赵晨煜, 韩奥, 杨天豪. 基于机器学习的PCB布线电阻计算方法[J]. 计算机工程与科学, 2022, 44(03): 396-402.
[10]	李文丽. 基于朴素贝叶斯分类的网络谣言识别研究[J]. 计算机工程与科学, 2022, 44(03): 495-501.
[11]	曹良林, 贲可荣, 张献. 基于代理辅助多目标萤火虫算法的软件缺陷预测方法研究[J]. 计算机工程与科学, 2022, 44(02): 257-265.
[12]	张家灏, 邓科峰, 聂腾飞, 任开军, 宋君强. 基于机器学习的海洋中尺度涡检测识别研究综述[J]. 计算机工程与科学, 2021, 43(12): 2115-2125.
[13]	欧琦媛, 祝恩. 基于压缩子空间对齐的多核聚类算法[J]. 计算机工程与科学, 2021, 43(10): 1730-1735.
[14]	何静, 李晋文, 杨安毅. 基于机器学习方法的高速信道建模研究[J]. 计算机工程与科学, 2021, 43(06): 984-988.
[15]	曾杰, 贲可荣, 张献, 徐永士. 融合文本分布式表示的重复缺陷报告检测[J]. 计算机工程与科学, 2021, 43(04): 670-680.