Behavior-based Cache Attack Detection System

Side channel attack exploits the information leaked by the hardware platform of the executing program to implement the attack.With the developing of side channel attack technology,the danger is constantly improving,and more and more scenarios are available.Cache is a typical side channel attack,it uses the Cache feature of the platform that implements encryption to steal information related to encryption,and can perform attacks to encrypted programs on almost all modern microprocessors.Therefore,Cache attacks are widely used in the field of cryptanalysis and have become a very effective cryptanalysis method.The existing Cache attack detection technology can be divided into two categories by analyzing the software-level features of attacks,the first type analyzed attack behavior characteristics to implement attack detection;the last one performed attack detection through machine learning anomaly detection methods.These detection techniques can achieve detection of Cache attacks to some extent,but there are limitations.In this paper,a behavior-based Cache attack technique is proposed,which analyzes the Cache access behavior when Cache attacks are implemented and combines machine learning techniques to detect Cache attacks.The main work contained in the paper is as follows:(1)This paper designs and implements an effective Cache attack detection system.According to the difference of process access Cache behavior between the attack process and benign,the process running on the system is divided into benign and attack processes,so as to achieve detection of the Cache attack.(2)In order to accurately obtain the behavior of the attack process and the benign process accessing the Cache,this paper uses a hardware event to characterize the behavior of the process accessing the Cache,and programs the hardware performance counter to achieve the collection and monitoring of hardware performance event.(3)In order to detect Cache attacks effectively and automatically,this paper adopts BP neural network classification algorithm to train the classification model,through multiple experiments with actual data samples,the optimal BP network algorithm parameters are selected and the BP network algorithm is optimized to improve the accuracy of the classification detection.In the analysis of experimental results,the effectiveness of the detection system was verified by comparing the detection effectiveness of the existing two detection methods;the load of the detection system was evaluated,and the feasibility of the system was verified.