HexPADS
Host-based, performance-counter-based attack detection system
Attacks change the execution behavior of a system. Our attack detection system HexPADS detects attacks through divergences from normal behavior using attack signatures. HexPADS collects information from the operating system on runtime performance metrics with measurements from hardware performance counters for individual processes. Cache behavior is a strong indicator of ongoing attacks like rowhammer, side channels, covert channels, or CAIN attacks. Collecting performance metrics across all running processes allows the correlation and detection of these attacks. In addition, HexPADS can mitigate the attacks or significantly reduce their effectiveness with negligible overhead to benign processes.
inactive
—
entered showcase: 2020-02-21
—
entry updated: 2024-04-12
This project has not yet been evaluated by the C4DT Factory team.
We will be happy to evaluate it upon request.
Application
C