sdmay23-16 • Robustness of Microarchitecture Attacks/Malware Detection Tools against Adversarial Artificial Intelligence Attacks

Senior Design Team 16

Project Overview

In a technology centric world, cybersecurity is crucial to ensuring consumer privacy of information. Some microarchitecture-based malware attacks cannot be detected using current existing software – causing a breach of security and loss of privacy. Major chip manufacturers and cloud computing providers need a way to identify and differentiate these attacks from benign signals in order to ensure consumer privacy. These attacks can happen at any given time, making it difficult to identify them consistently and accurately.

To that extent, our team is creating a software tool that can assess the robustness of an AI based detector against microarchitecture attacks. This will allow companies to strengthen and improve their own software to better detect and quarantine said attacks.

The software our team will develop will assess the robustness of security systems that attempt to detect microarchitecture attacks. The robustness will be measured by its ability to detect microarchitecture attacks specially designed to evade detection. The software will generate these evasive adversary attacks by inserting artificial noise into the attack instructions to mimic benign power signatures and exploit the security system’s underlying machine-learning model.

Our software leverages the use of an existing machine learning model that has been trained by Dr. Gulmezoglu and his graduate teaching assistant. After the artificial noise has been introduced to the source code, it and its power dataset are fed into the machine learning model for comparison. The goal is to attempt to insert instructions so that the attack succeeds, but the machine learning model is unable to detect it with higher than a 20% confidence rate.

In addition, with the insertion of these instructions, the power usage of the modified attack should not exceed 2 times that of the original, and the leakage rate not surpass 5 times that of the original. We monitor this with the creation of a GUI and CLI that will output the leakage rate of the source code, model confidence rate, and the attack power signature.