Skip to content

TrapMP: malicious process detection by utilising program phase detection

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Hardware and software have failed to securely manage the sensitive elements of cryptographic algorithms in computational environment due to memory contentions. This opened new opportunities for hackers to carry out side channel attacks on a system and steal sensitive data. Existing Side-channel attack techniques show that attackers can exploit the microarchitecture and OS vulnerabilities. The recent Meltdown attack for instance, using Flush+Reload technique, exploits program execution attributes such as “out-of-order execution” to break the logical isolation between the memories and processes. In this paper, we have developed a real-time detection and identification system against side-channel attacks. Unlike previous works, the proposed approach does not rely on synchronisation between the attackers and victims. This is realised by taking a course of program phase analysis, through performance counters, to extract Malicious Loop (ML). Simulation has shown that the proposed approach attained higher accuracy for up to 99% and efficient detection of Flush+Reload activities, through classification methods. Furthermore, the detection process, in native and cloud systems, unlike others, takes shorter execution time without additional costs, and the model benefits from very low overhead performance of approximately less than 1% of the host system.
Original languageEnglish
Title of host publicationProceedings of the 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
EditorsCyril Onwubiko, Xavier Bellekens, Arnau Erola
PublisherInstitute of Electrical and Electronics Engineers
Number of pages8
ISBN (Electronic)978-1-7281-0229-0
ISBN (Print)978-1-7281-0230-6
DOIs
Publication statusPublished - 31 Oct 2019
EventCyber Science 2019 - University of Oxford, Oxford, United Kingdom
Duration: 3 Jun 20194 Jun 2019

Conference

ConferenceCyber Science 2019
CountryUnited Kingdom
CityOxford
Period3/06/194/06/19

Documents

  • TrapMP Malicious Process Detection By Utilising Program Phase Detection-Oxford Conference

    Rights statement: © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

    Accepted author manuscript (Post-print), 428 KB, PDF document

Related information

Relations Get citation (various referencing formats)

ID: 14438233