Abstract
Modern micro-architectural attacks use a variety of building blocks chained to develop a final exploit. However, since in most cases, the footprint of such attacks is not visible architecturally (like, in the file-system), it becomes trickier to defend against these. In light of this, several automated defence mechanisms use Hardware Performance Counters (HPCs) detect when the micro-architectural elements are being misused for a potential attacks (like flush-reload, Spectre, Meltdown etc.). In order to bypass such defences, recent works have proposed the idea of “probabilistic interleaving”: the adversary interleaves the actual attack code with benign code with very low frequency. Such a strategy tips off the HPCs used for detection with a lot of unnecessary noise; recent studies have shown that probabilistically interleaved attacks can achieve an attack evasion rate of 100% (i.e. are virtually undetectable). In this work, we contend this folklore. We develop a theoretical model of interleaved attacks using lightweight statistical tools like Gaussian Mixture Models and Dip Test for Unimodality and prove they are detectable for the correct choices of HPCs. Furthermore, we also show possible defence strategy against a stronger threat model than considered in literature: where the attacker interleaves multiple attacks instead of a single attack. Empirically, to instantiate our detector, in contrast to prior detection strategies, we choose LLMs for a number of reasons: (1) LLMs can easily contextualize data from a larger set of HPCs than generic machine learning techniques, and (2) with simple prompts, LLMs can quickly switch between different statistical analysis methods. To this end, we develop an LLM-based methodology to detect probabilistically interleaved attacks. Our experiments establish that our improved methodology is able to achieve \(100\%\) speculative attacks like Spectre v1/v2/v3, Meltdown, and Spectre v2 (with improved gadgets that even evade recent protections like Enhanced IBRS, IBPB conditional, and so on). This makes our methodology suitable for detecting speculative attacks in a non-profiled setting: where attack signatures might not be known in advance. All in all, we achieve a 100% attack detection rate, even with very low interleave frequencies (i.e. \(10^{-6}\)). Our detection principle and its instantiation through LLMs shows how probabilistically interleaving attack code in benign execution is not a perfect strategy, and more research is still needed into developing and countering better attack evasion strategies.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
https://perfmon-events.intel.com/.
- 2.
Similar HPC counterparts exist for other vendors as well, like AMD.
- 3.
This with without loss of generality. A similar argument holds on other systems (like AMD) as well.
- 4.
https://perfmon-events.intel.com/ ; Alder Lake and Sapphire Rapids.
- 5.
https://perfmon-events.intel.com/.
- 6.
Actual deployment of the detection mechanism is only using INST_RETIRED.ANY, for reasons detailed in Sect. 3.1.
- 7.
The bimodal nature of interleaved() is software-agnostic because of the choice of HPCs, that do not enforce any assumptions on software. As such, this phenomenon is true when benign() executes SPEC2017, which is the actual benign() implementation in [13]. Refer Sect. 5 for details on runs through SPEC2017.
- 8.
The probability that x belongs to the i-th Gaussian in p.
- 9.
Note that the widely used Welch’s t-test is unsuitable here, as it assumes unimodal normality in source distribution.
- 10.
For example, a real deployment of detection would like to detect both state-of-the-art legacy cache side-channel attacks, as well as interleaved attacks. Thus such detectors would need to switch between
statistical tests,
data sources (HPCs),
detection intervals, and
other parameters to effectively operate. While such a combined detector is essentially programmable in a high-level programming language, using LLMs allows abstracting out much inner details, allowing for an easier operational interface for the end-user.
statistical tests,
data sources (HPCs),
detection intervals, and
other parameters to effectively operate. While such a combined detector is essentially programmable in a high-level programming language, using LLMs allows abstracting out much inner details, allowing for an easier operational interface for the end-user.References
Ahmad, B.A.: Detecting Spectre and Meltdown Attacks Using Hardware Performance Counters and Machine Learning. Ph.D. thesis, PhD thesis. University of the Punjab (2019)
Akram, A., Mushtaq, M., Bhatti, M.K., Lapotre, V., Gogniat, G.: Meet the sherlock holmes’ of side channel leakage: A survey of cache sca detection techniques. IEEE Access 8, 70836–70860 (2020)
Aldaya, A.C., Brumley, B.B., ul Hassan, S., García, C.P., Tuveri, N.: Port contention for fun and profit. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 870–887. IEEE (2019)
Aweke, Z.B., et al.: Anvil: software-based protection against next-generation rowhammer attacks. ACM SIGPLAN Notices 51(4), 743–755 (2016)
Chakraborty, A., Mishra, N., Mukhopadhyay, D.: Shesha: multi-head microarchitectural leakage discovery in new-generation intel processors. arXiv preprint arXiv:2406.06034 (2024)
Eresheim, S., Luh, R., Schrittwieser, S.: The evolution of process hiding techniques in malware-current threats and possible countermeasures. J. Inf. Process. 25, 866–874 (2017)
Genkin, D., Poussier, R., Sim, R.Q., Yarom, Y., Zhao, Y.: Cache vs. key-dependency: side channeling an implementation of pilsung. IACR Transactions on Cryptographic Hardware and Embedded Systems pp. 231–255 (2020)
Gonzalez-Gomez, J., Bauer, L., Henkel, J.: Cache-based side-channel attack mitigation for many-core distributed systems via dynamic task migration. IEEE Trans. Inf. Forensics Secur. 18, 2440–2450 (2023)
Gullasch, D., Bangerter, E., Krenn, S.: Cache games–bringing access-based cache attacks on AES to practice. In: 2011 IEEE Symposium on Security and Privacy, pp. 490–505. IEEE (2011)
Gulmezoglu, B., Zankl, A., Tol, M.C., Islam, S., Eisenbarth, T., Sunar, B.: Undermining user privacy on mobile devices using AI. In: Proceedings of the 2019 ACM ASIA Conference on Computer and Communications Security, pp. 214–227 (2019)
Hartigan, J.A., Hartigan, P.M.: The dip test of unimodality. Ann. Stat. 70–84 (1985)
Kocher, P., et al.: Spectre attacks: exploiting speculative execution. Commun. ACM 63(7), 93–101 (2020)
Kosasih, W., Feng, Y., Chuengsatiansup, C., Yarom, Y., Zhu, Z.: Sok: can we really detect cache side-channel attacks by monitoring performance counters? In: AsiaCCS (2024)
Lipp, M., et al.: Meltdown: reading kernel memory from user space. Commun. ACM 63(6), 46–56 (2020)
Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: 2015 IEEE Symposium on Security and Privacy, pp. 605–622. IEEE (2015)
Moghimi, D.: Downfall: exploiting speculative data gathering. In: 32nd USENIX Security Symposium (USENIX Security 23), pp. 7179–7193 (2023)
Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006). https://doi.org/10.1007/11605805_1
Ragab, H., Barberis, E., Bos, H., Giuffrida, C.: Rage against the machine clear: a systematic analysis of machine clears and their implications for transient execution attacks. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 1451–1468 (2021)
Yarom, Y., Falkner, K.: \(\{\)FLUSH+ RELOAD\(\}\): a high resolution, low noise, l3 cache \(\{\)Side-Channel\(\}\) attack. In: 23rd USENIX security symposium (USENIX security 14), pp. 719–732 (2014)
Yarom, Y., Genkin, D., Heninger, N.: Cachebleed: a timing attack on openssl constant-time RSA. J. Cryptogr. Eng. 7, 99–112 (2017)
Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: Proceedings of the 2012 ACM conference on Computer and Communications Security, pp. 305–316 (2012)
Acknowledgment
The authors would like to thank the reviewers for their suggestions for improving the paper. They would also like to thank the Department of Science and Technology (DST), Govt of India, IHUB NTIHAC Foundation, C3i Building, Indian Institute of Technology Kanpur, and Centre on Hardware-Security Entrepreneurship Research and Development, MeitY, Govt of India, for partially funding this research.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Mandal, U., Kalundia, R., Mishra, N., Shukla, S., Bhattacharya, S., Mukhopadhyay, D. (2025). “There’s Always Another Counter”: Detecting Micro-Architectural Attacks in a Probabilistically Interleaved Malicious/Benign Setting. In: Knechtel, J., Chatterjee, U., Forte, D. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2024. Lecture Notes in Computer Science, vol 15351. Springer, Cham. https://doi.org/10.1007/978-3-031-80408-3_13
Download citation
DOI: https://doi.org/10.1007/978-3-031-80408-3_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-80407-6
Online ISBN: 978-3-031-80408-3
eBook Packages: Computer ScienceComputer Science (R0)