Jiangyong Shi, Ping Kuang, Yongjun Wang, Yuexiang Yang
{"title":"云计算中检测侧信道攻击的两阶段开箱即用方法","authors":"Jiangyong Shi, Ping Kuang, Yongjun Wang, Yuexiang Yang","doi":"10.1109/CSP55486.2022.00035","DOIUrl":null,"url":null,"abstract":"In this paper, we proposed a two-stage out-of-box method for detecting side-channel attacks in cloud computing. The method detects side-channel attacks from outside of the virtual machine, utilizing hardware support of performance events and hypervisor's ability to introspect the virtual machine, which is robust and stealthy to attackers. By utilizing information of hardware performance counters to train a classification model, we can quickly locate the suspicious attacking virtual machine with 96.7% of precision and 95% of recall rate. By adjusting the sampling duration and interval, we can get a F1-score of 98.9%. By utilizing virtual machine introspection method to extract syscall information of suspicious virtual machine, we can precisely locate the suspicious process. Experiments demonstrate our method's effectiveness in detecting cache side-channel attacks.","PeriodicalId":187713,"journal":{"name":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","volume":"305 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Two-Stage Out-Of-Box Method for Detecting Side-Channel Attacks in Cloud Computing\",\"authors\":\"Jiangyong Shi, Ping Kuang, Yongjun Wang, Yuexiang Yang\",\"doi\":\"10.1109/CSP55486.2022.00035\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, we proposed a two-stage out-of-box method for detecting side-channel attacks in cloud computing. The method detects side-channel attacks from outside of the virtual machine, utilizing hardware support of performance events and hypervisor's ability to introspect the virtual machine, which is robust and stealthy to attackers. By utilizing information of hardware performance counters to train a classification model, we can quickly locate the suspicious attacking virtual machine with 96.7% of precision and 95% of recall rate. By adjusting the sampling duration and interval, we can get a F1-score of 98.9%. By utilizing virtual machine introspection method to extract syscall information of suspicious virtual machine, we can precisely locate the suspicious process. Experiments demonstrate our method's effectiveness in detecting cache side-channel attacks.\",\"PeriodicalId\":187713,\"journal\":{\"name\":\"2022 6th International Conference on Cryptography, Security and Privacy (CSP)\",\"volume\":\"305 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 6th International Conference on Cryptography, Security and Privacy (CSP)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSP55486.2022.00035\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 6th International Conference on Cryptography, Security and Privacy (CSP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSP55486.2022.00035","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Two-Stage Out-Of-Box Method for Detecting Side-Channel Attacks in Cloud Computing
In this paper, we proposed a two-stage out-of-box method for detecting side-channel attacks in cloud computing. The method detects side-channel attacks from outside of the virtual machine, utilizing hardware support of performance events and hypervisor's ability to introspect the virtual machine, which is robust and stealthy to attackers. By utilizing information of hardware performance counters to train a classification model, we can quickly locate the suspicious attacking virtual machine with 96.7% of precision and 95% of recall rate. By adjusting the sampling duration and interval, we can get a F1-score of 98.9%. By utilizing virtual machine introspection method to extract syscall information of suspicious virtual machine, we can precisely locate the suspicious process. Experiments demonstrate our method's effectiveness in detecting cache side-channel attacks.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
