Software Side Channel Vulnerability Detection Based on Similarity Calculation and Deep Learning

Software Side Channel Vulnerabilities (SSCVs) cause serious security threats, which introduces a big challenge to software development. With the sustaining growth of software complexity and scale, SSCV detection has become a tedious work. Existing methods suffer from efficiency, accuracy and generality problems, and ignore the detection of vulnerability variants. Applying machine learning is promising due to high efficiency and automation, but training an effective model is still an open issue due to the lack of side-channel vulnerability data. In this paper, we propose a novel two-stage SSCV detection method based on similarity calculation and deep learning. We target three types of vulnerability variants that have different degrees of similarity to original ones. The first detection stage applies Deterministic Finite Automata (DFA) and Trie tree to regularize software codes for detecting vulnerability Variants 1 and 2 through similarity calculation. The second stage uses Long Short-Term Memory and Neural Network Classifier (LSTM-NNClassifier) to discover vulnerability Variant 3. In addition, we offer a code augmentation method to construct a sufficient dataset to train the LSTM-NNClassifier for overcoming the problem of lacking training data. Extensive experiments based on real world data show the efficiency and accuracy of our detection method.