The increasing complexity of modern microprocessors created new attack areas. Attackers exploit these areas using Software Attacks Targeting Hardware Vulnerabilities (SATHV) such as Cache Side-Channel, Spectre, and Rowhammer attacks. These attacks target the microarchitecture to extract privileged information. As their target is the hardware, antivirus programs cannot detect them. But, they modify the normal behavior of the microarchitecture. Modern systems are equipped with hardware performance counters (HPCs), which measure events related to hardware components. Designers can take advantage of these counters to monitor and protect the system. In the literature, there exist many solutions that use HPCs to detect SATHV. But, due to the limited number of counters, proposed solutions only protect the microprocessor against a limited set of SATHV. In contrast, we propose MaDMAN, a Malware Detector, which gathers information from HPCs to detect a large set of SATHV. MaDMAN uses a Logistic Regression classifier. In our threat model, we include Cache Side-Channel, Rowhammer, and Spectre SATHV. Our detection mechanism succeeds to detect these attacks with 98.96% accuracy, 96.3% F-score, and 0% false positive rate. In addition, MaDMAN works in noisy environments and can detect successfully evasive malware.
We are seeing an increase in cybersecurity attacks on resource-constrained systems such as the Internet of Things (IoT) and Industrial IoT (IIoT) devices. Recently, a new category of attacks has emerged called microarchitectural attacks. It targets hardware units of the system such as the processor or memory and is often complicated if not impossible to remediate since it imposes modifying the hardware. In default of remediation, some solutions propose to detect these attacks. Yet, most of them are not suitable for embedded systems since they are based on complex machine learning algorithms.In this paper, we propose an edge-computing security solution for attack detection that uses a local-remote machine learning implementation to find an equilibrium between accuracy and decision-making latency while addressing the memory, performance, and communication bandwidth constraints of resource-constrained systems. We demonstrate effectiveness in the detection of multiple microarchitectural attacks such as Rowhammer or cache attacks on an embedded device with an accuracy of 98.75% and a FPR near 0%. To limit the overhead on the communication bus, the proposed solution filters 99% of the samples during normal operation.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.