Spec17Tre: A New Dataset in Hardware Security and Using Deep Learning for Detecting Spectre Attacks

Abstract

Computer performance has become a significant subject of study due to the processing of big data, the complexity of calculations and the importance of time efficiency. Many companies are improving processor operating principles to increase performance. The most common methods for this purpose are speculative execution and cache usage. While these techniques improve performance, they also introduce certain security vulnerabilities. Spectre is an attack that exploits vulnerabilities created by speculative execution, affecting all modern processor architectures. Research has shown that using machine learning to detect these attacks can be quite effective, although the features are typically gathered at the software level, which may limit detection since some performance parameters are not conveyed to the software. This study presents an analysis of Spectre attacks and their detection using machine learning and deep learning methods at the hardware level. Experiments are conducted using GEM5, a full-system hardware simulator, to ensure that only hardware-visible performance parameters are also collected. Attack detection is performed using Support Vector Machine (SVM) and Long Short-Term Memory (LSTM) methods. The LSTM method is used in conjunction with SVM and Convolutional Neural Network (CNN) techniques, and all models were tested on a new dataset, Spec17Tre, created using "519.lbm" from the SPEC CPU2017 benchmarks. The study achieved a 95% accuracy rate in attack detection using the LSTM + CNN hybrid model, which also yielded an F1 score of 0.999 for detecting applied Spectre attack scenarios.