netidee
From Microarchitectural Traces to Detection
Catching Sneaky Cyber Attacks by Watching How Computers Behave (26.05.2025)
Förderjahr 2024 / Stipendium Call #19 / ProjektID: 7276 / Projekt: Attack Detection using Micro-architectural Traces and Machine Learning

This post outlines what makes our approach different, and why we believe this combination offers a powerful, efficient way to detect and understand emerging microarchitectural threats.

Most cyberattacks leave digital footprints such as logs, alerts, or suspicious activity you can track. But some attacks are much sneakier. They don't leave obvious signs in software. Instead, they exploit the way computer hardware works deep inside the system.

These are called side-channel attacks , and while they're quiet, they're not invisible.

How We Spot the Invisible

Even the stealthiest attack leaves behind small traces in the way your computer behaves, like tiny changes in how it uses memory or handles instructions. We tap into those traces using microarchitectural traces from hardware performance counters (HPCs), which are available in all modern processors that count things like missed memory accesses or unusual instruction flows and show patterns that help us detect unusual behaviors. 

framwork

Our Method: Learning from Hardware Behavior

Instead of looking for only specific known attacks, our model learns how to distinguish between benign and attack processes. Here's how it works:

  1. Collecting Data We captured hardware activity during both normal workloads ranging from light to intensive workloads and when simulated attacks happened in a controlled environment.

  2. Finding the Right Traces We use statistics to find which hardware patterns are most useful in telling normal from abnormal behavior by selecting the best-performing hardware performance counters for the detection task. 

  3. Training Our Models With machine learning (including ensemble methods and deep learning), we train our model to recognize suspicious behavior in real-time.

  4. Detecting Unknown Threats Because our system learns behavior—not specific attacks—it can even flag new types of threats that haven't been seen before.

Why This Matters

Cyber ​​threats are evolving fast, and many go undetected by traditional tools. By paying attention to the hardware itself, we get an early detection model that catches what others miss.

If you're in cybersecurity, hardware development, or machine learning, we'd love to connect. The more perspectives, the stronger the defenses.

We're just getting started. Stay tuned; We'll be publishing detailed technical findings, datasets, and results from our model soon. 

Tags:

Machine Learning Security attack detection side channel Spectre Rowhammer Zombieload

Mai AL-Zu´bi

Female avatar
CAPTCHA
Diese Frage dient der Überprüfung, ob Sie ein menschlicher Besucher sind und um automatisierten SPAM zu verhindern.

    Weitere Blogbeiträge

    SCA

    Side-Channel Attacks

    Modern technology makes our lives easier, but it also comes with hidden risks. One such danger is side-channel attacks. a type of cyber threat that targets the hardware in your devices rather than breaking into software. These attacks exploit subtle ...