Compute node security
US-10565129-B2 · Feb 18, 2020 · US
Side-channel attack detection using hardware performance counters
US11194902B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11194902-B2 |
| Application number | US-201816234085-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 27, 2018 |
| Priority date | Dec 27, 2018 |
| Publication date | Dec 7, 2021 |
| Grant date | Dec 7, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The present disclosure is directed to systems and methods of detecting a side-channel attack using hardware counter anomaly detection circuitry to select a subset of HPCs demonstrating anomalous behavior in response to a side-channel attack. The hardware counter anomaly detection circuitry includes data collection circuitry to collect data from a plurality of HPCs, time/frequency domain transform circuitry to transform the collected data to the frequency domain, one-class support vector anomaly detection circuitry to detect anomalous or aberrant behavior by the HPCs. The hardware counter anomaly detection circuitry selects the HPCs having reliable and consistent anomalous activity or behavior in response to a side-channel attack and groups those HPCs into a side-channel attack detection HPC sub-set that may be communicated to one or more external devices.
First claim
Opening claim text (preview).
What is claimed: 1. A side-channel attack detection system comprising: a plurality of hardware performance counters (HPCs) to be coupled to processor circuitry; hardware performance anomaly detection circuitry to: as the processor circuitry executes at least one side-channel attack detection instruction set: collect information representative of a side-channel attack dataset for each of the plurality of HPCs; detect, based on the information, whether said each of the plurality of HPCs demonstrates anomalous activity in response to a side-channel attack; select at least one HPC of the plurality of HPCs for inclusion in a side-channel attack detection HPC sub-set based on a reliability of anomalous activity of the at least one HPC; and cause communication to one or more processor-based devices external to the side-channel attack detection system data indicative of the HPC sub-set, the data indicative of the HPC sub-set to be used by the one or more devices to detect a side-channel attack using HPC data collected from only the HPC sub-set. 2. The side-channel attack detection system of claim 1 , the hardware performance anomaly detection circuitry to further: collect information representative of a baseline dataset for each of a plurality of HPCs as the processor circuitry executes at least one application instruction set. 3. The side-channel attack detection system of claim 2 , the hardware performance anomaly detection circuitry to further: collect information representative of a side-channel attack dataset for each of a plurality of HPCs as the processor circuitry contemporaneously executes at least one side-channel attack detection instruction set and the at least one application instruction set. 4. The side-channel attack detection system of claim 3 , wherein the hardware performance anomaly detection circuitry includes data collection circuitry to: collect information representative of the side-channel attack dataset for each of the plurality of HPCs as the processor circuitry contemporaneously executes the at least one side-channel attack detection instruction set and the at least one application instruction set; and collect information representative of a baseline dataset for each of the plurality of HPCs as the processor circuitry executes at least one application instruction set. 5. The side-channel attack detection system of claim 4 , wherein the hardware performance anomaly detection circuitry includes time series feature extraction circuitry to: convert the baseline dataset from each of the plurality of HPCs from a time domain to a time/frequency domain; and convert the side-channel attack dataset for each of the plurality of HPCs from the time domain to the time/frequency domain. 6. The side-channel attack detection system of claim 3 , wherein the time feature extraction circuitry comprises Haar wavelet transform circuitry. 7. The side-channel attack detection system of claim 4 , wherein the hardware performance anomaly detection circuitry includes anomaly detection circuitry to: detect whether said each of the plurality of HPCs demonstrates anomalous activity based on a deviation between the baseline dataset and the side-channel attack dataset for each of the plurality of HPCs. 8. The side: channel attack detection system of claim 5 , wherein the anomaly detection circuitry comprises: one-class support vector anomaly detection circuitry. 9. The side-channel attack detection system of claim 5 , wherein the hardware performance anomaly detection circuitry includes hardware performance counter identification circuitry to: detect whether each of the plurality of HPCs demonstrates anomalous activity based on the deviation between the baseline dataset and the side-channel attack dataset for each of the plurality of HPCs. 10. The side-channel attack detection system of claim 1 , further comprising the processor circuitry and input/output (I/O) interface circuitry, wherein the processor circuitry is to: generate an output signal that includes the data indicative of the HPC sub-set; and communicate the data indicative of the HPC sub-set by sending the output signal to the one or more external devices using the I/O interface circuitry. 11. A side-channel attack detection method, comprising: as a processor circuitry executes at least one side-channel attack instruction set: collecting; by hardware performance anomaly detection circuitry coupled to the processor circuitry, information representative of a side-channel attack dataset for each of a plurality of hardware performance counters (HPCs); and detecting, based on the information and by the hardware performance anomaly detection circuitry, whether said each of the plurality of HPCs demonstrates anomalous activity in response to a side-channel attack; selecting, by the hardware performance anomaly detection circuitry, at least one HPC of the plurality of HPCs for inclusion in a side-channel attack detection HPC sub-set based on a reliability of anomalous activity of the at least one HPC; and causing communication to one or more processor-based devices external to the side-channel attack detection system data indicative of the HPC sub-set, the data indicative of the HPC sub-set to be used by the one or more devices to detect a side-channel attack using HPC data collected from only the HPC sub-set. 12. The side-channel-attack detection method of claim 11 , further comprising: collecting, via the hardware performance anomaly detection circuitry and as the processor circuitry executes at least one application instruction set, information representative of a baseline dataset for each of a plurality of HPCs. 13. The side-channel attack detection method of claim 12 , wherein collecting information representative of a side-channel attack dataset for each of a plurality of HPCs further comprises: collecting, by the hardware performance anomaly detection circuitry, information representative of a side-channel attack dataset for each of a plurality of HPCs as the processor circuitry contemporaneously executes the at least one side-channel attack instruction set and the at least one application instruction set. 14. The side-channel attack detection method of claim 13 , wherein detecting whether each of the plurality of HPCs demonstrates anomalous activity as the processor circuitry executes the at least one side-channel attack instruction set further comprises: detecting, by the hardware performance anomaly detection circuitry, whether each of the plurality of HPCs demonstrates anomalous activity based on a deviation between the baseline dataset and the side-channel attack dataset for each of the plurality of HPCs. 15. The side-channel-attack detection method of claim 12 , wherein collecting information representative of the baseline dataset for each of the plurality of HPCs comprises: collecting, via data collection circuitry disposed in the hardware performance anomaly detection circuitry, the information representative of the baseline dataset for each of the plurality of HPCs; and wherein collecting information representative of the side-channel attack dataset for each of the plurality of HPCs includes: collecting, by the data collection circuitry, information representative of the side-channel attack dataset for each of the plurality of HPCs. 16. The side-channel-attack detection method of claim 15 , wherein detecting whether each of the plurality of HPCs demonstrates anomalous activity based on the deviation between the baseline dataset and the side-channel attack data
Assignees
Inventors
Classifications
involving event detection and direct action · CPC title
Machine learning · CPC title
using kernel methods, e.g. support vector machines [SVM] · CPC title
Test or assess a computer or a system · CPC title
- G06F21/552Primary
involving long-term monitoring or reporting · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11194902B2 cover?
- The present disclosure is directed to systems and methods of detecting a side-channel attack using hardware counter anomaly detection circuitry to select a subset of HPCs demonstrating anomalous behavior in response to a side-channel attack. The hardware counter anomaly detection circuitry includes data collection circuitry to collect data from a plurality of HPCs, time/frequency domain transfo…
- Who is the assignee on this patent?
- Intel Corp
- What technology area does this patent fall under?
- Primary CPC classification G06F21/552. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Dec 07 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).