An approach with two-stage mode to detect cache-based side channel attacks

Side channel attacks, which intend to analyze third party sharing resources responses, has become a significant security threat to cloud, in particular the cache-based side channel attacks. In this paper, to eliminate such a security threat in cloud, based on the observation that the creation of a side channel has certain effects on the resource utilization in both the host and guest, we investigate the detection approach for detecting cache-based side channel attacks, named CSDA. The approach uses the two-stage detection mode which consists of host detection and guest detection, combines shape test and regularity test to extract the attack features from hosts and guests, and uses pattern recognition techniques to distinguish the attack VMs from the legitimate VMs. At last, a series of experiments are conducted, and the experimental results show that CSDA is capable of detecting them in cloud effectively.