The number of micro-architectural attacks increase gradually, which affects the security of the computers, databases, cloud systems and so on. Since it is difficult to patch the leakages for every attack, we introduce a generic dynamic detection tool. To build the detection tool, we collect the data from system-wide performance counters and train the detection model by using unsupervised RNN techniques.

Offline Phase: 

  • Choose performance counters
  • Collect the benign execution data
  • Train the LSTM/GRU model

Online Phase:

  • Collect real-time data
  • Detect the outliers using trained model

We compare our results with previous techniques in the case of system-wide profiling, and we have the highest F-score with a value of 0.9970.

FortuneTeller shows that decent Deep Learning techniques can improve the detection rate in a noisy environment. We detect existing micro-architectural attacks (Spectre, Meltdown, ZombieLoad, cache attacks and Rowhammer) with a very high accuracy.

Complete work can be read from here.