Real time Detection of Spectre and Meltdown Attacks Using Machine Learning
Bilal Ali Ahmad

TL;DR
This paper introduces a real-time detection system for Spectre and Meltdown CPU attacks using hardware performance counters and machine learning, achieving over 99% accuracy while maintaining system performance.
Contribution
It presents a novel machine learning-based approach for real-time detection of speculative execution attacks leveraging hardware and software event monitoring.
Findings
Detects Spectre and Meltdown attacks with over 99% accuracy
Uses hardware performance counters and machine learning models
Operates effectively under realistic system load conditions
Abstract
Recently discovered Spectre and Meltdown attacks affect almost all processors by leaking confidential information to other processes through side-channel attacks. These vulnerabilities expose design flaws in the architecture of modern CPUs. To fix these design flaws, it is necessary to make changes in the hardware of modern processors, which is a non-trivial task. Software mitigation techniques for these vulnerabilities cause significant performance degradation. In order to mitigate against Spectre and Meltdown attacks while retaining the performance benefits of modern processors, in this paper, we present a real-time detection mechanism for Spectre and Meltdown attacks by identifying the misuse of speculative execution and side-channel attacks. We use hardware performance counters and software events to monitor activity related to speculative execution, branch prediction, and cache…
Taxonomy
Topics: Security and Verification in Computing · Radiation Effects in Electronics · Advanced Malware Detection Techniques
