Selection of Best Fit Hardware Performance Counters to Detect Cache Side-Channel Attacks

Creative Commons License

Koc M. K., Altılar D. T.

3rd ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, SaT-CPS 2023, held in conjunction with the 13th ACM Conference on Data and Application Security and Privacy, CODASPY 2023, North Carolina, United States Of America, 26 April 2023, pp.17-22 identifier

  • Publication Type: Conference Paper / Full Text
  • Doi Number: 10.1145/3579988.3585052
  • City: North Carolina
  • Country: United States Of America
  • Page Numbers: pp.17-22
  • Keywords: cache side-channel attacks, hardware performance counters, real-time attack detection
  • Istanbul Technical University Affiliated: Yes


Cache side-channel attack is a common threat in cloud environments where caches are shared across co-located tenants. Detection of such attacks in real-time before the attack procedure is completed can enable cloud users to come up with a countermeasure and protect their privacy against these kinds of vulnerabilities. In this work, a real-time cache side-channel attack detection system for cloud systems is presented which leverages hardware performance counters. The combination of two neural networks is trained with long-term time sequences collected via hardware performance counters to learn the normal behavior of benign applications so that anomalies caused by attackers can be detected. This paper primarily examines the selection of best fit hardware performance counters for this purpose. Initial experiments are performed and time series feature extraction and selection methods are applied to preliminary results for the analysis.