The number of micro-architectural attacks is gradually increasing, which affects the security of computers, databases, cloud systems and so on. Since it is difficult to patch the leakage behind every attack, we introduce a generic dynamic detection tool. To build the detection tool, we collect data from system-wide performance counters and train the detection model using unsupervised RNN techniques.
Offline Phase:
- Choose performance counters
- Collect the benign execution data
- Train the LSTM/GRU model
Online Phase:
- Collect real-time data
- Detect the outliers using the trained model
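The offline/online split above, as an added example that is not FortuneTeller's own code: a least-squares AR(2) one-step predictor stands in for the LSTM/GRU so the sketch runs on the Python standard library alone. The counter trace, the 400-event burst and the threshold rule (1.5 times the largest benign prediction error) are constructed assumptions.

```python
import math
import random

def make_trace(n, seed):
    """Constructed benign counter trace: periodic load plus bounded noise."""
    rng = random.Random(seed)
    return [1000 + 100 * math.sin(2 * math.pi * t / 20) + rng.uniform(-5, 5)
            for t in range(n)]

def errors(trace, model):
    """Absolute one-step prediction error for every sample from index 2 on."""
    mean, w1, w2 = model["mean"], model["w1"], model["w2"]
    x = [v - mean for v in trace]
    return [abs(x[t] - (w1 * x[t - 1] + w2 * x[t - 2])) for t in range(2, len(x))]

def train(benign, margin=1.5):
    """Offline phase: fit the predictor on benign data only, then set the
    alert threshold from the benign prediction errors (assumed rule)."""
    mean = sum(benign) / len(benign)
    x = [v - mean for v in benign]
    a11 = a12 = a22 = b1 = b2 = 0.0
    for t in range(2, len(x)):          # normal equations for least squares
        a11 += x[t - 1] ** 2
        a12 += x[t - 1] * x[t - 2]
        a22 += x[t - 2] ** 2
        b1 += x[t - 1] * x[t]
        b2 += x[t - 2] * x[t]
    det = a11 * a22 - a12 * a12
    model = {"mean": mean,
             "w1": (b1 * a22 - b2 * a12) / det,
             "w2": (a11 * b2 - a12 * b1) / det}
    model["threshold"] = margin * max(errors(benign, model))
    return model

def detect(trace, model):
    """Online phase: indices whose prediction error exceeds the threshold."""
    return [t + 2 for t, e in enumerate(errors(trace, model))
            if e > model["threshold"]]

BENIGN = make_trace(400, seed=1)
MODEL = train(BENIGN)
# Constructed anomaly: a burst of extra events in samples 200..219, standing in
# for the counter disturbance an attack would cause.
SUSPECT = [v + 400 if 200 <= t < 220 else v for t, v in enumerate(BENIGN)]

if __name__ == "__main__":
    print("benign alerts :", detect(BENIGN, MODEL))
    print("suspect alerts:", detect(SUSPECT, MODEL))
```

Because the model is fitted only to benign data, no attack samples or labels are needed; anything the predictor cannot anticipate shows up as a large prediction error.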
We compare our results with previous techniques in the case of system-wide profiling, and we have the highest F-score with a value of 0.9970.
FortuneTeller shows that decent deep learning techniques can improve the detection rate in a noisy environment. We detect existing micro-architectural attacks (Spectre, Meltdown, ZombieLoad, cache attacks and Rowhammer) with very high accuracy.
The complete work can be read here.