scholarly journals Specularizer : Detecting Speculative Execution Attacks via Performance Tracing

2021 ◽  
pp. 151-172
Author(s):  
Wubing Wang ◽  
Guoxing Chen ◽  
Yueqiang Cheng ◽  
Yinqian Zhang ◽  
Zhiqiang Lin
Keyword(s):  
Machine Learning Techniques ◽  
Speculative Execution ◽  
Side Channel ◽  
Detection Accuracy ◽  
Performance Counters ◽  
Side Channels ◽  
Learning Techniques ◽  
Hardware Performance Counters ◽  
Critical Paths ◽  
Detection Mechanisms

AbstractThis paper presents Specularizer, a framework for uncovering speculative execution attacks using performance tracing features available in commodity processors. It is motivated by the practical difficulty of eradicating such vulnerabilities in the design of CPU hardware and operating systems and the principle of defense-in-depth. The key idea of Specularizer is the use of Hardware Performance Counters and Processor Trace to perform lightweight monitoring of production applications and the use of machine learning techniques for identifying the occurrence of the attacks during offline forensics analysis. Different from prior works that use performance counters to detect side-channel attacks, Specularizer monitors triggers of the critical paths of the speculative execution attacks, thus making the detection mechanisms robust to different choices of side channels used in the attacks. To evaluate Specularizer, we model all known types of exception-based and misprediction-based speculative execution attacks and automatically generate thousands of attack variants. Experimental results show that Specularizer yields superior detection accuracy and the online tracing of Specularizer incur reasonable overhead.

scholarly journals CacheHawkeye: Detecting Cache Side Channel Attacks Based on Memory Events

2022 ◽  
Vol 14 (1) ◽  
pp. 24
Author(s):  
Hui Yan ◽  
Chaoyuan Cui
Keyword(s):  
Good Accuracy ◽  
Memory Access ◽  
Side Channel ◽  
Side Channel Attacks ◽  
Performance Counters ◽  
Secret Information ◽  
Hardware Performance Counters ◽  
Hardware Performance

Cache side channel attacks, as a type of cryptanalysis, seriously threaten the security of the cryptosystem. These attacks continuously monitor the memory addresses associated with the victim’s secret information, which cause frequent memory access on these addresses. This paper proposes CacheHawkeye, which uses the frequent memory access characteristic of the attacker to detect attacks. CacheHawkeye monitors memory events by CPU hardware performance counters. We proved the effectiveness of CacheHawkeye on Flush+Reload and Flush+Flush attacks. In addition, we evaluated the accuracy of CacheHawkeye under different system loads. Experiments demonstrate that CacheHawkeye not only has good accuracy but can also adapt to various system loads.

scholarly journals Detection of Security Attacks in Industrial IoT Networks: A Blockchain and Machine Learning Approach

Electronics ◽  
2021 ◽  
Vol 10 (21) ◽  
pp. 2662
Author(s):  
Henry Vargas ◽  
Carlos Lozano-Garzon ◽  
Germán A. Montoya ◽  
Yezid Donoso
Keyword(s):  
Machine Learning ◽  
Information Transfer ◽  
Machine Learning Techniques ◽  
Protection Mechanism ◽  
Secure Information ◽  
Learning Techniques ◽  
Industrial Iot ◽  
Machine Learning Approach ◽  
Detection Mechanisms ◽  
Viable Mechanism

Internet of Things (IoT) networks have been integrated into industrial infrastructure schemes, positioning themselves as devices that communicate highly classified information for the most critical companies of world nations. Currently, and in order to look for alternatives to mitigate this risk, solutions based on Blockchain algorithms and Machine Learning techniques have been implemented separately with the aim of mitigating potential threats in IIoT networks. In this paper, we sought to integrate the previous solutions to create an integral protection mechanism for IoT device networks, which would allow the identification of threats, activate secure information transfer mechanisms, and it would be adapted to the computational capabilities of industrial IoT. The proposed solution achieved the proposed objectives and is presented as a viable mechanism for detecting and containing intruders in an IoT network. In some cases, it overcomes traditional detection mechanisms such as an IDS.

scholarly journals Steel Bar Counting from Images with Machine Learning

Electronics ◽  
2021 ◽  
Vol 10 (4) ◽  
pp. 402
Author(s):  
Ana Caren Hernández-Ruiz ◽  
Javier Alejandro Martínez-Nieto ◽  
Julio David Buldain-Pérez
Keyword(s):  
Machine Learning ◽  
Steel Industry ◽  
Machine Learning Techniques ◽  
Detection Accuracy ◽  
Network Distance ◽  
Learning Techniques ◽  
Steel Bar ◽  
Steel Bars ◽  
Counting Time ◽  
Human Labour

Counting has become a fundamental task for data processing in areas such as microbiology, medicine, agriculture and astrophysics. The proposed SA-CNN-DC (Scale Adaptive—Convolutional Neural Network—Distance Clustering) methodology in this paper is designed for automated counting of steel bars from images. Its design consists of two Machine Learning techniques: Neural Networks and Clustering. The system has been trained to count round and squared steel bars, obtaining an average detection accuracy of 98.81% and 98.57%, respectively. In the steel industry, counting steel bars is a time consuming task which highly relies on human labour and is prone to errors. Reduction of counting time and resources, safety and productivity of employees and high confidence of the inventory are some of the advantages of the proposed methodology in a steel warehouse.

scholarly journals Parallel processing using big data and machine learning techniques for intrusion detection

2020 ◽  
Vol 9 (3) ◽  
pp. 553
Author(s):  
Alaeddine Boukhalfa ◽  
Nabil Hmina ◽  
Habiba Chaoni
Keyword(s):  
Machine Learning ◽  
Big Data ◽  
Processing Time ◽  
Machine Learning Algorithms ◽  
Machine Learning Techniques ◽  
Detection Accuracy ◽  
New Approach ◽  
Learning Techniques ◽  
Proposed Model ◽  
Multiple Devices

Currently, information technology is used in all the life domains, multiple devices produce data and transfer them across the network, these transfers are not always secured, they can contain new menaces invisible by the current security devices. Moreover, the large amount and variety of the exchanged data cause difficulties related to the detection time. To solve these issues, we suggest in this paper, a new approach based on storing the large amount and variety of network traffic data employing Big Data techniques, and analyzing these data with Machine Learning algorithms, in a distributed and parallel way, in order to detect new hidden intrusions with less processing time. According to the results of the experiments, the detection accuracy of the Machine Learning methods reaches 99.9 %, and their processing time has been reduced considerably by applying them in a parallel and distributed way, which proves that our proposed model is effective for the detection of new intrusions.

scholarly journals A Novel Approach for Detecting DGA-Based Botnets in DNS Queries Using Machine Learning Techniques

2021 ◽  
Vol 2021 ◽  
pp. 1-13
Author(s):  
Ali Soleymani ◽  
Fatemeh Arabgol
Keyword(s):  
Machine Learning ◽  
Random Forest ◽  
Text Mining ◽  
Machine Learning Algorithms ◽  
Machine Learning Techniques ◽  
Support Vector ◽  
Detection Accuracy ◽  
Domain Name ◽  
Botnet Detection ◽  
Learning Techniques

In today’s security landscape, advanced threats are becoming increasingly difficult to detect as the pattern of attacks expands. Classical approaches that rely heavily on static matching, such as blacklisting or regular expression patterns, may be limited in flexibility or uncertainty in detecting malicious data in system data. This is where machine learning techniques can show their value and provide new insights and higher detection rates. The behavior of botnets that use domain-flux techniques to hide command and control channels was investigated in this research. The machine learning algorithm and text mining used to analyze the network DNS protocol and identify botnets were also described. For this purpose, extracted and labeled domain name datasets containing healthy and infected DGA botnet data were used. Data preprocessing techniques based on a text-mining approach were applied to explore domain name strings with n-gram analysis and PCA. Its performance is improved by extracting statistical features by principal component analysis. The performance of the proposed model has been evaluated using different classifiers of machine learning algorithms such as decision tree, support vector machine, random forest, and logistic regression. Experimental results show that the random forest algorithm can be used effectively in botnet detection and has the best botnet detection accuracy.

scholarly journals SpecSafe: detecting cache side channels in a speculative world

2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-28
Author(s):  
Robert Brotzman ◽  
Danfeng Zhang ◽  
Mahmut Taylan Kandemir ◽  
Gang Tan
Keyword(s):  
Program Transformation ◽  
Speculative Execution ◽  
Side Channel ◽  
Side Channel Attacks ◽  
False Negatives ◽  
High Profile ◽  
Side Channels ◽  
Confidential Data ◽  
Definition Of ◽  
Semantic Definition

The high-profile Spectre attack and its variants have revealed that speculative execution may leave secret-dependent footprints in the cache, allowing an attacker to learn confidential data. However, existing static side-channel detectors either ignore speculative execution, leading to false negatives, or lack a precise cache model, leading to false positives. In this paper, somewhat surprisingly, we show that it is challenging to develop a speculation-aware static analysis with precise cache models: a combination of existing works does not necessarily catch all cache side channels. Motivated by this observation, we present a new semantic definition of security against cache-based side-channel attacks, called Speculative-Aware noninterference (SANI), which is applicable to a variety of attacks and cache models. We also develop SpecSafe to detect the violations of SANI. Unlike other speculation-aware symbolic executors, SpecSafe employs a novel program transformation so that SANI can be soundly checked by speculation-unaware side-channel detectors. SpecSafe is shown to be both scalable and accurate on a set of moderately sized benchmarks, including commonly used cryptography libraries.

Inferring DNN layer-types through a Hardware Performance Counters based Side Channel Attack

2021 ◽  
Author(s):  
Bhargav Achary Dandpati Kumar ◽  
Sai Chandra Teja R ◽  
Sparsh Mittal ◽  
Biswabandan Panda ◽  
C. Krishna Mohan
Keyword(s):  
Side Channel ◽  
Side Channel Attack ◽  
Performance Counters ◽  
Hardware Performance Counters ◽  
Hardware Performance
Sign in / Sign up

Export Citation Format

Share Document