TrapMP: malicious process detection by utilising program phase detection

Zirak Allaf, Mo Adda, Alexander Gegov

Research output: Chapter in Book/Report/Conference proceedingConference contribution

174 Downloads (Pure)


Hardware and software have failed to securely manage the sensitive elements of cryptographic algorithms in computational environment due to memory contentions. This opened new opportunities for hackers to carry out side channel attacks on a system and steal sensitive data. Existing Side-channel attack techniques show that attackers can exploit the microarchitecture and OS vulnerabilities. The recent Meltdown attack for instance, using Flush+Reload technique, exploits program execution attributes such as “out-of-order execution” to break the logical isolation between the memories and processes. In this paper, we have developed a real-time detection and identification system against side-channel attacks. Unlike previous works, the proposed approach does not rely on synchronisation between the attackers and victims. This is realised by taking a course of program phase analysis, through performance counters, to extract Malicious Loop (ML). Simulation has shown that the proposed approach attained higher accuracy for up to 99% and efficient detection of Flush+Reload activities, through classification methods. Furthermore, the detection process, in native and cloud systems, unlike others, takes shorter execution time without additional costs, and the model benefits from very low overhead performance of approximately less than 1% of the host system.
Original languageEnglish
Title of host publicationProceedings of the 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
EditorsCyril Onwubiko, Xavier Bellekens, Arnau Erola
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages8
ISBN (Electronic)978-1-7281-0229-0
ISBN (Print)978-1-7281-0230-6
Publication statusPublished - 31 Oct 2019
EventCyber Science 2019 - University of Oxford, Oxford, United Kingdom
Duration: 3 Jun 20194 Jun 2019


ConferenceCyber Science 2019
Country/TerritoryUnited Kingdom


Dive into the research topics of 'TrapMP: malicious process detection by utilising program phase detection'. Together they form a unique fingerprint.

Cite this