Side-channel attacks that use machine learning (ML) for signal analysis have become prominent threats to computer security, as ML models easily find patterns in signals. To address this problem, this paper explores using Adversarial Machine Learning (AML) methods as a defense at the computer architecture layer to obfuscate side channels. We call this approach Defensive ML, and we call the generator that obfuscates signals the defender. Defensive ML is a workflow to design, implement, train, and deploy defenders for different environments. First, we design a defender architecture given the physical characteristics and hardware constraints of the side channel. Next, we use our DefenderGAN structure to train the defender. Finally, we apply Defensive ML to thwart two side-channel attacks: one based on memory contention and the other on application power. The former uses a hardware defender with ns-level response time that attains a high level of security with half the performance impact of a traditional scheme; the latter uses a software defender with ms-level response time that provides better security than a traditional scheme with only 70% of its power overhead.