Abstract

This paper presents a run-time detection mechanism for access-driven cache-based Side-Channel Attacks (CSCAs) on Intel's ×86 architecture. We demonstrate the detection capability and effectiveness of proposed mechanism on Prime+Probe attcks. The mechanism comprises of multiple machine learning models, which use real-time data from the HPCs for detection. Experiments are performed with two different implementations of AES cryptosystem while under Prime+Probe attack. We provide results under stringent design constraints such as: realistic system load conditions, real-time detection accuracy, speed, system-wide performance overhead and distribution of error (i.e., false positives and negatives) for the used machine learning models. Our results show detection accuracy of > 99% for Prime+Probe attack with performance overhead of 3-4% at the highest detection speed, i.e., within 1-2% completion of 4800 AES encryption rounds needed to complete a successful attack.