A deep dive into novel hardware performance counters and how we use ML to sift through them.
Hardware Performance Counters constitute a treasure trove of data, which surprisingly remains pretty much untouched by modern research, except for a few well known counters. In recent years, exploits like Spectre and Rowhammer and general techniques like Return Oriented Programming (ROP) were detected using hardware performance counters (HPCs). But to date, only relatively simple and well-understood counters have been used, representing just a tiny fraction of the information we can glean from the system.
In this webinar, we’ll show how we used ML to find non-intuitive counters to build much more effective detection models against cache side channel attacks than ones previously tested in the industry. These new models are more accurate than prior cache-miss based models, and harder for attackers to bypass. We’ll also discuss the undocumented performance counters that we found as part of our Blackhat 2020 research, and the various attacks that models built with them could detect.