Research On Hybrid Side-channel Attack Detection Based On Machine Learning

Side-channel attacks(SCAs)is a kind of attack method that obtain sensitive information by using the structures or characteristics of computer system which are easy to cause information leakage.Side-channel attacks have characteristics of high success rate,strong concealment and diversified attack means,which poses a serious threat to computer security.At present,many research teams have proposed detection and defense methods against sidechannel attacks.Among them,detection and defense methods based on machine learning and program behavior analysis are more popular and have higher success rate.These methods mainly analyze and defend against certain specific side-channel attacks.However,in the actual scenario,the threat of side-channel attacks that computer system may face are complex and diverse,or even composed of a mixture of multiple attacks,so it is difficult to achieve the desired effect to defend against a single attack.In view of this situation,this paper innovatively proposes a hybrid side-channel attack detection method based on machine learning.The main research contents of this paper are as follows:1.Hybrid side-channel attack detection method based on machine learningThis paper does a lot of research on the combination of machine learning and sidechannel attack detection,then puts forward the idea of using machine learning to detect hybrid side-channel attack.This paper discusses the defense system all implementation details,including hybrid side-channel attacks program behavior characteristics analysis and extraction,processor performance monitor counters used in the feasibility and concrete method of sidechannel attack detection,training data set construction method,the type of machine learning classifier,etc.Then paper constructs the hybrid side-channel attack in the computer system,so as to simulate the complex security threat that may be encountered in the actual situation.Then the ability of the detection system to accurately analyze and identify hybrid side-channel attacks is explored through experiments,the feasibility of real-time detection of hybrid sidechannel attack and the performance of detection system are verified.The detection effect is analyzed and evaluated comprehensively through various indexes.IV2.Analysis of various possible influences of hybrid side-channel attack detection in practical applicationIn this paper,the factors that may affect the hybrid side-channel attack detection and the possible challenges and difficulties in the practical application of the detection are considered.These include:(1).The impact of system noise.In order to explore the accuracy of detection under ideal conditions,the experiment defaults to no other system process running on the same core with the victim program during detection,but this is difficult to guarantee in practical application,there may be some common programs that are not targeted by side-channel attack running on the same core at the same time in the processor.In this paper,these programs are regarded as system noise,and the accuracy of detection is observed respectively with and without noise,so as to discuss the practicability of hybrid side-channel attack detection in practical applications.(2).Interaction between different types of side channel attacks.The composition of hybrid side-channel attack is obviously different from that of common side-channel attacks.When the threat of hybrid side-channel attack occurs,there may be multiple attacks against the same or different microarchitecture components simultaneously.The detection of side-channel attacks largely depends on the analysis of the hardware state parameters of the processor when the attacker running.However,when multiple side-channel attacks are simultaneously applied to computer systems,they may cause the changes of some processor hardware states together,which may affect the accuracy of attack detection.In this paper,the existence of this effect and the degree of influence on the detection of hybrid side-channel attack are investigated by multi-group comparative experiments.3.Research on the lifting methods of hybrid side-channel attack detectionHybrid side-channel attack detection is affected by some environmental factors in practice.In order to improve the accuracy of detection,enhance the anti-interference ability of detection system and effectiveness in practical application,some effective methods to improve detection performance are proposed based on the in-depth analysis of various influencing factors.In this paper,Some pre-processing methods are used to reduce the noise of the data set,so as to reduce the influence of the system noise on the detection,so that the detection system has stronger anti-interference ability in practical application.Then this paper adjusts the sampling granularity of the processor performance monitoring counter to reduce the interaction between different attacks,further improve the detection accuracy and enhance the overall performance of the detection system.The difficulties and challenges that the hybrid side-channel attack detection system may encounter in practical application are overcome to some extent by the above methods,so that it has better detection performance,stronger practicability and anti-interference ability.In this paper,the complex attack environment that the computer system may face in the actual operation is analyzed,and the real-time detection of hybrid side-channel attack is realized using machine learning method.This paper further explores the feasibility of this kind of detection and its possible influence in practical application,and puts forward the corresponding improvement measures for these influences.The methods proposed in this paper contribute to improving the real-time defense of side-channel attack and ensuring the security of computer system.