DOI: 10.1145/3652861
 

CuMONITOR: Continuous Monitoring of Microarchitecture for Software Task Identification and Classification

Document Type

Article

Publication Date

9-30-2024

Abstract

The interactions between software and hardware are increasingly important to computer system security. This research collected microprocessor control signal sequences to develop machine learning models that identify software tasks. In contrast with prior work that relies on hardware performance counters to collect data for task identification, this research is based on creating additional digital logic to record sequences of control signals inside a processor’s microarchitecture. The proposed approach considers software task identification in hardware as a general problem, with attacks treated as a subset of software tasks. Three lines of effort are presented. First, a data collection approach is described to extract sequences of control signals labeled by task identity during actual (i.e., non-simulated) system operation. Second, experimental design selects hardware and software configurations to train and evaluate machine learning models. The machine learning models significantly outperform a naïve classifier based on Euclidean distances from class means. Various experiment configurations produced a range of balanced accuracy scores. Third, task classification is addressed using decision boundaries defined with thresholds chosen by an optimization strategy to develop non-neural network classifiers. When implemented in hardware, the non-neural network classifiers could require less digital logic to implement compared to neural network models.

Comments

© 2024 Association for Computing Machinery. All rights reserved.

The "Link to Full Text" on this page opens or saves the PDF of the article as hosted at the ACM website. The HTML version is available via the DOI link below.

Source Publication

Digital Threats: Research and Practice
