A Machine Learning Based Monitoring Framework for Side-Channel Information Leaks
IEEE Open Journal of the Computer Society (IF 5.7), Pub Date: 2021-02-23, DOI: 10.1109/ojcs.2021.3061445
Michael Lescisin, Qusay H. Mahmoud

Computer and network security is an ever-important field of study, as information processed by these systems is of ever-increasing value. The state of research on direct attacks, such as exploiting memory safety or shell input errors, is well established, and a rich set of testing tools is available for these types of attacks. Machine-learning based intrusion detection systems are also available and are commonly deployed in production environments. What is missing, however, is the consideration of implicit information flows, or side-channels. Research has revealed side-channels formed by everything from CPU acoustic noise, to encrypted network traffic patterns, to computer monitor ambient light. Furthermore, no portable method exists for distributing side-channel test cases. This paper introduces a framework for adversary modeling and feedback generation on what the adversary may learn from the various side-channel information sources. The framework operates by monitoring two data streams: the first being the stream of side-channel cues, and the second being the stream of private system activity. These streams are used for training and evaluating a machine learning classifier to determine its performance of private system activity prediction. A prototype has been built to evaluate side-channel effects on four popular scenarios.

Updated: 2021-03-30