FortuneTeller: Predicting Microarchitectural Attacks via Unsupervised Deep Learning

07/08/2019
by   Berk Gulmezoglu, et al.
0

The growing security threat of microarchitectural attacks underlines the importance of robust security sensors and detection mechanisms at the hardware level. While there are studies on runtime detection of cache attacks, a generic model to consider the broad range of existing and future attacks is missing. Unfortunately, previous approaches only consider either a single attack variant, e.g. Prime+Probe, or specific victim applications such as cryptographic implementations. Furthermore, the state-of-the art anomaly detection methods are based on coarse-grained statistical models, which are not successful to detect anomalies in a large-scale real world systems. Thanks to the memory capability of advanced Recurrent Neural Networks (RNNs) algorithms, both short and long term dependencies can be learned more accurately. Therefore, we propose FortuneTeller, which for the first time leverages the superiority of RNNs to learn complex execution patterns and detects unseen microarchitectural attacks in real world systems. FortuneTeller models benign workload pattern from a microarchitectural standpoint in an unsupervised fashion, and then, it predicts how upcoming benign executions are supposed to behave. Potential attacks and malicious behaviors will be detected automatically, when there is a discrepancy between the predicted execution pattern and the runtime observation. We implement FortuneTeller based on the available hardware performance counters on Intel processors and it is trained with 10 million samples obtained from benign applications. For the first time, the latest attacks such as Meltdown, Spectre, Rowhammer and Zombieload are detected with one trained model and without observing these attacks during the training. We show that FortuneTeller achieves F-score of 0.9970.

READ FULL TEXT
research
02/11/2018

MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols

The recent Meltdown and Spectre attacks highlight the importance of auto...
research
05/31/2022

MAD-EN: Microarchitectural Attack Detection through System-wide Energy Consumption

Microarchitectural attacks have become more threatening the hardware sec...
research
05/16/2019

Finding Rats in Cats: Detecting Stealthy Attacks using Group Anomaly Detection

Advanced attack campaigns span across multiple stages and stay stealthy ...
research
06/06/2023

TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors (Technical Report)

Platforms are nowadays typically equipped with tristed execution environ...
research
05/24/2019

Tiresias: Predicting Security Events Through Deep Learning

With the increased complexity of modern computer attacks, there is a nee...
research
12/24/2022

Efficiently Hardening SGX Enclaves against Memory Access Pattern Attacks via Dynamic Program Partitioning

Intel SGX is known to be vulnerable to a class of practical attacks expl...
research
11/27/2018

Undermining User Privacy on Mobile Devices Using AI

Over the past years, literature has shown that attacks exploiting the mi...

Please sign up or login with your details

Forgot password? Click here to reset