This README describes the contents and utilization of the Power Side-Channel Malware Detection dataset.
Power traces were collected from a Portwell PCOM-C700 Type VII carrier board with a Portwell PCOM-B700G processor module. This module features an 8-core Intel Xeon D-1539 embedded-class processor. Sampling was performed using a YHDC HSTS016L Hall-effect split core current Hall-effect current sensor clamped around the 12V CPU power cable. Current sensor readings were recorded using a PicoScope 2408B oscilloscope at a sampling rate of 2 KHz.
Each trace samples one operating state; a permutation of executing applications. Traces feature both uninfected and infected counterparts of each state.
More technical details are available in [1].
All traces are provided as a timeseries csv in a flat directory. Users are responsible for preprocessing and train-test splits.
Traces are provided in csv format and labelled {state}_{attack}_2024_{index}.csv State refers to the unique combination of executing benign applications. Attack specifies which attack (malware) is executing in parallel with the state. Index is used to order traces of the same state and attack.
hash SHA-3 implementation from the Extended Keccak Code Package link.
facedetect A face detection application using the OpenCV library running a video benchmark.
package-delivery Autonomous drone package delivery benchmark from MAVBench.
Meltdown Proof of concept Specified in trace naming as: _m_
Spectre Proof of concept Specified in trace naming as: _s_
L1-Cache Covert-Channel link Specified in trace naming as: _cc_
When no malware is executing, a state is considered benign and specified in trace naming as _b_.
s0: ----------------, ----------, ---- (idle)
s1: ----------------, ----------, hash
s2: ----------------, facedetect, ----
s3: ----------------, facedetect, hash
s4: package-delivery, ----------, ----
s5: package-delivery, ----------, hash
s6: package-delivery, facedetect, ----
s7: package-delivery, facedetect, hash
Traces are provided in csv format and labelled {state}_{attack}_2024_{index}.csv
s0_b_2024_00.csv refers to the first trace collected from benign state 0.
s0_b_2024_01.csv refers to the second trace collected from benign state 0.
s1_b_2024_00.csv refers to the first trace collected from benign state 1.
s1_m_2024_00.csv refers to the first trace collected from state 1 when infected by Meltdown.
s1_cc_2024_00.csv refers to the first trace collected from state 1 when infected by L1-Cache Covert-Channel.
[1] Alexander Cathis, Ge Li, Shijia Wei, Michael Orshansky, Mohit Tiwari, and Andreas Gerstlauer, "SoK Paper: Power Side-Channel Malware Detection," International Workshop on Hardware and Architectural Support for Security and Privacy (HASP), Austin, TX, November 2024.
Alexander Cathis <[email protected]>